5eea161d8b
There's been some confusion on the correct way to add a `nonce`, so took the opportunity here to: - Add a new docs page for Content Security Policy - Explained how to generate a `nonce` with Middleware - Showed how to consume the `nonce` in a route with `headers` - Updated the `with-strict-csp` example - Update the `nonce` error message page - Backlinked to the new page in a few places in the docs
1.1 KiB
1.1 KiB
Content Security Policy with Nonce
This example shows how to create a Next.js application that sets a strict Content Security Policy (CSP) for your pages, including generating a dynamic nonce.
Deploy your own
How to use
Execute create-next-app
with npm, Yarn, or pnpm to bootstrap the example:
npx create-next-app --example with-strict-csp with-strict-csp-app
yarn create next-app --example with-strict-csp with-strict-csp-app
pnpm create next-app --example with-strict-csp with-strict-csp-app
Deploy it to the cloud with Vercel (Documentation).