rsnext/examples/with-strict-csp
2019-10-10 23:34:14 -04:00
pages Add prettier for examples directory (#5909) 2018-12-17 17:34:32 +01:00
csp.js Add with-strict-csp example (#4858) 2018-08-06 20:19:16 -07:00
package.json Test updater script on examples folder (#5993) 2019-01-05 12:19:27 +01:00
README.md Replace the deprecated Create Next App URL (#9032) 2019-10-10 23:34:14 -04:00
server.js Add prettier for examples directory (#5909) 2018-12-17 17:34:32 +01:00

Strict CSP example

How to use

Using create-next-app

Execute create-next-app with Yarn or npx to bootstrap the example:

npx create-next-app --example with-strict-csp with-strict-csp-app
# or
yarn create next-app --example with-strict-csp with-strict-csp-app

Download manually

Download the example:

curl https://codeload.github.com/zeit/next.js/tar.gz/canary | tar -xz --strip=2 next.js-canary/examples/with-strict-csp
cd with-strict-csp

Install it and run:

npm install
npm run dev
# or
yarn
yarn dev

Deploy it to the cloud with now (download)

now

The idea behind the example

The most effective way to implement a Content Security Policy (CSP) is to follow the strict CSP approach. For it to work, the server has to generate a fresh nonce on every request.

This example uses Helmet to configure the CSP and add the appropriate headers to all server responses. The nonce is generated with uuid. The nonce is then passed to <Head> and <NextScript> in the custom <Document>, so that the script tags they render carry it.
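The nonce flow described above, as an added sketch that is not the repository's csp.js or server.js: it uses Node's crypto.randomBytes in place of uuid and builds the header by hand in place of Helmet, so it runs with no dependencies. All function names, the renderPage stand-in for the custom <Document>, and the sample script paths are hypothetical.

```javascript
const crypto = require('crypto')

// Constructed sample input: one external and one inline script.
const SAMPLE_SCRIPTS = [{ src: '/_next/static/main.js' }, { inline: 'window.__DATA__ = {}' }]

// 128 random bits per response; a nonce that repeats or can be guessed
// lets injected markup carry a valid nonce.
function makeNonce() {
  return crypto.randomBytes(16).toString('base64')
}

// Strict CSP: trust is carried by the nonce, not by a host allowlist.
// Browsers that understand nonces and 'strict-dynamic' ignore https: and
// 'unsafe-inline'; those two are only fallbacks for older browsers.
function strictCsp(nonce) {
  return [
    `script-src 'nonce-${nonce}' 'strict-dynamic' https: 'unsafe-inline'`,
    `object-src 'none'`,
    `base-uri 'none'`,
  ].join('; ')
}

// Stand-in for the custom <Document>: every script tag gets the nonce.
function renderPage(nonce, scripts) {
  const tags = scripts.map((s) =>
    s.src
      ? `<script nonce="${nonce}" src="${s.src}"></script>`
      : `<script nonce="${nonce}">${s.inline}</script>`
  )
  return `<!doctype html><html><head>${tags.join('')}</head><body></body></html>`
}

// One response = one nonce, used in both the header and the markup.
function buildResponse(scripts) {
  const nonce = makeNonce()
  return {
    headers: { 'Content-Security-Policy': strictCsp(nonce) },
    body: renderPage(nonce, scripts),
  }
}

// Check: list <script> tags in the served markup whose nonce attribute
// is missing or does not match the nonce in the response header.
function scriptsWithoutNonce(res) {
  const m = /'nonce-([^']+)'/.exec(res.headers['Content-Security-Policy'] || '')
  const tags = res.body.match(/<script\b[^>]*>/gi) || []
  return tags.filter((tag) => {
    const attr = /\snonce="([^"]*)"/i.exec(tag)
    return !m || !attr || attr[1] !== m[1]
  })
}
```

Running scriptsWithoutNonce over a rendered response in a test suite catches a script tag added to the document without the nonce before it shows up as a CSP violation in the browser.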