1
0
Fork 0
mirror of https://github.com/terribleplan/next.js.git synced 2024-01-19 02:48:18 +00:00
next.js/examples/with-strict-csp-hash
Tim Neutkens 9c4eefcdbf
Add prettier for examples directory (#5909)
* Add prettier for examples directory

* Fix files

* Fix linting

* Add prettier script in case it has to be ran again
2018-12-17 17:34:32 +01:00
..
pages Add prettier for examples directory (#5909) 2018-12-17 17:34:32 +01:00
package.json Factor out NextScript inline source (#4934) (#4939) 2018-08-14 11:05:25 -07:00
README.md Factor out NextScript inline source (#4934) (#4939) 2018-08-14 11:05:25 -07:00

Deploy to now

Example app with strict CSP generating script hash

How to use

Using create-next-app

Execute create-next-app with Yarn or npx to bootstrap the example:

npx create-next-app --example with-strict-csp-hash with-strict-csp-hash-app
# or
yarn create next-app --example with-strict-csp-hash with-strict-csp-hash-app

Download manually

Download the example:

curl https://codeload.github.com/zeit/next.js/tar.gz/canary | tar -xz --strip=2 next.js-canary/examples/with-strict-csp-hash
cd with-strict-csp-hash

Install it and run:

npm install
npm run dev
# or
yarn
yarn dev

Deploy it to the cloud with now (download)

now

The idea behind the example

This example features how you can set up a strict CSP for your pages whitelisting next's inline bootstrap script by hash. In contrast to the example with-strict-csp based on nonces, this way doesn't require running a server to generate fresh nonce values on every document request. It defines the CSP by document meta tag.

Note: There are still valid cases for using a nonce in case you need to inline scripts or styles for which calculating a hash is not feasible.