5f041447bc
* Find/Replace "Deploy it to the cloud..." * Find/Replace "Deploy it to the cloud..." (no colon) * Find/Replace "Deploy it to the cloud..." for firebase * Convert remaining ones * Storybook deployment * Update with-stripe-typescript * Update contributing.md * Remove `now` * Update examples/with-stripe-typescript/README.md Co-Authored-By: Luis Alvarez D. <luis@zeit.co>
1.6 KiB
1.6 KiB
Example app with strict CSP generating script hash
This example features how you can set up a strict CSP for your pages whitelisting next's inline bootstrap script by hash.
In contrast to the example with-strict-csp
based on nonces, this way doesn't require running a server to generate fresh nonce values on every document request.
It defines the CSP by document meta
tag.
Note: There are still valid cases for using a nonce in case you need to inline scripts or styles for which calculating a hash is not feasible.
Deploy your own
Deploy the example using ZEIT Now:
How to use
Using create-next-app
Execute create-next-app
with npm or Yarn to bootstrap the example:
npm init next-app --example with-strict-csp-hash with-strict-csp-hash-app
# or
yarn create next-app --example with-strict-csp-hash with-strict-csp-hash-app
Download manually
Download the example:
curl https://codeload.github.com/zeit/next.js/tar.gz/canary | tar -xz --strip=2 next.js-canary/examples/with-strict-csp-hash
cd with-strict-csp-hash
Install it and run:
npm install
npm run dev
# or
yarn
yarn dev
Deploy it to the cloud with ZEIT Now (Documentation).