History

Shu Uesugi 6804039e94 Make example READMEs more consistent (#10124 ) * npx create → npm init * Fix inconsistent instructions * Update amp-first * Update with-graphql-react * with-firebase-cloud-messaging * Update with-higher-order-component * change create-next-app url * Update create-next-app instruction * Update instructions to use npm instead of npx * Move "the idea behind the example" to top * Rename * Rename * Update contributing.md with a README template		2020-01-16 23:23:56 +01:00
..
pages	Improve linting rules to catch more errors (#9374 )	2019-11-10 19:24:53 -08:00
package.json	Test updater script on examples folder (#5993 )	2019-01-05 12:19:27 +01:00
README.md	Make example READMEs more consistent (#10124 )	2020-01-16 23:23:56 +01:00

README.md

Example app with strict CSP generating script hash

This example features how you can set up a strict CSP for your pages whitelisting next's inline bootstrap script by hash. In contrast to the example with-strict-csp based on nonces, this way doesn't require running a server to generate fresh nonce values on every document request. It defines the CSP by document meta tag.

Note: There are still valid cases for using a nonce in case you need to inline scripts or styles for which calculating a hash is not feasible.

Deploy your own

Deploy the example using ZEIT Now:

How to use

Using `create-next-app`

Execute create-next-app with npm or Yarn to bootstrap the example:

npm init next-app --example with-strict-csp-hash with-strict-csp-hash-app
# or
yarn create next-app --example with-strict-csp-hash with-strict-csp-hash-app

Download manually

Download the example:

curl https://codeload.github.com/zeit/next.js/tar.gz/canary | tar -xz --strip=2 next.js-canary/examples/with-strict-csp-hash
cd with-strict-csp-hash

Install it and run:

npm install
npm run dev
# or
yarn
yarn dev

Deploy it to the cloud with now (download):

now