docs: Add docs on CSP and nonce generation (#54601 )

There's been some confusion on the correct way to add a `nonce`, so took the opportunity here to:

- Add a new docs page for Content Security Policy
- Explained how to generate a `nonce` with Middleware
- Showed how to consume the `nonce` in a route with `headers`
- Updated the `with-strict-csp` example
- Update the `nonce` error message page
- Backlinked to the new page in a few places in the docs

2023-09-01 22:13:49 +00:00

1.1 KiB

Raw Blame History

Content Security Policy with Nonce

This example shows how to create a Next.js application that sets a strict Content Security Policy (CSP) for your pages, including generating a dynamic nonce.

Deploy your own

How to use

Execute create-next-app with npm, Yarn, or pnpm to bootstrap the example:

npx create-next-app --example with-strict-csp with-strict-csp-app

yarn create next-app --example with-strict-csp with-strict-csp-app

pnpm create next-app --example with-strict-csp with-strict-csp-app

Deploy it to the cloud with Vercel (Documentation).

1.1 KiB Raw Blame History

Content Security Policy with Nonce

Deploy your own

How to use

1.1 KiB

Raw Blame History