3ba3eeb2a2
The `block-all-mixed-content` CSP directive has been deprecated and it is not recommended to use it anymore. Furthermore, the `upgrade-insecure-requests` directive is evaluated before `block-all-mixed-content`; if the former is set, the latter does nothing.
Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/block-all-mixed-content
Reference: https://www.w3.org/TR/mixed-content/#strict-checking
Co-authored-by: JJ Kasper <jj@jjsweb.site>
app
.gitignore
middleware.js
package.json
README.md
Content Security Policy with Nonce
This example shows how to create a Next.js application that sets a strict Content Security Policy (CSP) for your pages, including generating a dynamic nonce.
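An added sketch of the nonce-and-header step described above, not the repository's own middleware.js: the directive set and the helper names generateNonce, buildCsp, parseCsp and auditCsp are assumptions made for illustration. It also audits an existing policy string for a leftover `block-all-mixed-content`.

```javascript
// Added illustration; not the middleware.js shipped with this example.
// Web Crypto is global in edge runtimes and current Node.js; older Node.js has it in node:crypto.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Fresh 128-bit nonce, base64-encoded; generate one per response and never reuse it.
function generateNonce() {
  return Buffer.from(webcrypto.getRandomValues(new Uint8Array(16))).toString('base64');
}

// Build the header value. The directive set is an assumption, chosen as a strict baseline.
function buildCsp(nonce) {
  // Reject anything that could break out of the quoted 'nonce-...' source expression.
  if (!/^[A-Za-z0-9+/]{22,}={0,2}$/.test(nonce)) throw new Error('nonce must be base64, 128+ bits');
  const directives = {
    'default-src': ["'self'"],
    'script-src': ["'self'", `'nonce-${nonce}'`, "'strict-dynamic'"],
    'style-src': ["'self'", `'nonce-${nonce}'`],
    'object-src': ["'none'"],
    'base-uri': ["'self'"],
    'frame-ancestors': ["'none'"],
    // Handles mixed content on its own; block-all-mixed-content is deliberately left out.
    'upgrade-insecure-requests': [],
  };
  return Object.entries(directives).map(([name, values]) => [name, ...values].join(' ')).join('; ');
}

// Split a policy into directives; as in CSP parsing, the first occurrence of a name wins.
function parseCsp(policy) {
  const seen = new Map();
  for (const part of policy.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    if (name && !seen.has(name.toLowerCase())) seen.set(name.toLowerCase(), values);
  }
  return seen;
}

// Report the two issues this page is about: the deprecated directive and a missing nonce.
function auditCsp(policy) {
  const d = parseCsp(policy);
  const findings = [];
  if (d.has('block-all-mixed-content')) {
    findings.push(d.has('upgrade-insecure-requests')
      ? 'block-all-mixed-content is deprecated and does nothing next to upgrade-insecure-requests'
      : 'block-all-mixed-content is deprecated');
  }
  const scripts = d.get('script-src') ?? d.get('default-src') ?? [];
  if (!scripts.some((v) => v.startsWith("'nonce-"))) findings.push('script sources carry no nonce');
  return findings;
}
```

In a real middleware the same nonce must also reach the rendered page so that script and style tags can carry it.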
How to use
Execute create-next-app with npm, Yarn, or pnpm to bootstrap the example:
npx create-next-app --example with-strict-csp with-strict-csp-app
yarn create next-app --example with-strict-csp with-strict-csp-app
pnpm create next-app --example with-strict-csp with-strict-csp-app
Deploy it to the cloud with Vercel (Documentation).