History

Eng Zer Jun 3ba3eeb2a2 Remove obsolete `block-all-mixed-content` CSP directive (#63595 ) The `block-all-mixed-content` CSP directive has been deprecated and it is not recommended to use it anymore. Furthermore, the `upgrade-insecure-requests` directive is evaluated before `block-all-mixed-content`, if the former is set, the latter does nothing. Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/block-all-mixed-content Reference: https://www.w3.org/TR/mixed-content/#strict-checking Co-authored-by: JJ Kasper <jj@jjsweb.site>		2024-03-25 10:09:17 -07:00
..
app	chore(examples): use default prettier for examples/templates (#60530 )	2024-01-11 16:01:44 -07:00
.gitignore	Add .yarn/install-state.gz to .gitignore (#56637 )	2023-10-18 16:34:48 +00:00
middleware.js	Remove obsolete `block-all-mixed-content` CSP directive (#63595 )	2024-03-25 10:09:17 -07:00
package.json	Update Examples to use React 18 (#42027 )	2022-10-28 17:43:20 +00:00
README.md	docs: Add docs on CSP and nonce generation (#54601 )	2023-09-01 22:13:49 +00:00

README.md

Content Security Policy with Nonce

This example shows how to create a Next.js application that sets a strict Content Security Policy (CSP) for your pages, including generating a dynamic nonce.

Deploy your own

How to use

Execute create-next-app with npm, Yarn, or pnpm to bootstrap the example:

npx create-next-app --example with-strict-csp with-strict-csp-app

yarn create next-app --example with-strict-csp with-strict-csp-app

pnpm create next-app --example with-strict-csp with-strict-csp-app

Deploy it to the cloud with Vercel (Documentation).