Software Alternatives & Reviews

Next.js: Crafting a Strict CSP

  1. Vercel
    Vercel is the platform for frontend developers, providing the speed and reliability innovators need to create at the moment of inspiration.
    Strict CSP header builder for Next.js, as posted on the listing (TypeScript; the original was collapsed onto a single line):

      function getContentSecurityPolicyHeaderValue(
        nonce: string,
        reportUri: string,
      ): string {
        // Default CSP for Next.js
        const contentSecurityPolicyDirective = {
          'base-uri': [`'self'`],
          'default-src': [`'none'`],
          'frame-ancestors': [`'none'`],
          'font-src': [`'self'`],
          'form-action': [`'self'`],
          'frame-src': [`'self'`],
          'connect-src': [`'self'`],
          'img-src': [`'self'`],
          'manifest-src': [`'self'`],
          'object-src': [`'none'`],
          'report-uri': [reportUri], // legacy directive, still needed for browsers without the Reporting API (e.g. Firefox)
          'report-to': ['csp'], // Reporting API (e.g. Chrome); 'csp' must match a group in a Reporting-Endpoints (or legacy Report-To) response header
          'script-src': [
            `'nonce-${nonce}'`,
            `'strict-dynamic'`, // force hashes and nonces over domain host lists
          ],
          'style-src': [`'self'`],
        }

        if (process.env.NODE_ENV === 'development') {
          // Webpack uses eval() in development mode for automatic JS reloading
          contentSecurityPolicyDirective['script-src'].push(`'unsafe-eval'`)
        }

        if (process.env.NEXT_PUBLIC_VERCEL_ENV === 'preview') {
          // Vercel preview toolbar and live comments
          contentSecurityPolicyDirective['connect-src'].push('https://vercel.live')
          contentSecurityPolicyDirective['connect-src'].push('wss://*.pusher.com')
          contentSecurityPolicyDirective['img-src'].push('https://vercel.com')
          contentSecurityPolicyDirective['font-src'].push('https://vercel.live')
          contentSecurityPolicyDirective['frame-src'].push('https://vercel.live')
          contentSecurityPolicyDirective['style-src'].push('https://vercel.live')
        }

        return Object.entries(contentSecurityPolicyDirective)
          .map(([key, value]) => `${key} ${value.join(' ')}`)
          .join('; ')
      }

    #Developer Tools #Web Development Tools #App Deployment 522 social mentions
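    The builder above only serialises the header; it does not show where the nonce comes from or how to confirm the result is actually strict. The TypeScript below is an added example (not code from the listing, Vercel or Next.js; the helper names generateNonce, buildStrictCsp, parseCsp and auditCsp are hypothetical): it generates a fresh per-response nonce from a CSPRNG, builds a policy of the same shape, then parses a header back into directives and audits it for the properties that make a CSP "strict": a nonce or hash on script-src, 'strict-dynamic', no 'unsafe-inline' or 'unsafe-eval', object-src 'none' and a restricted base-uri. The weak headers fed to the audit are constructed for the example.

```typescript
import { randomBytes } from 'node:crypto'

// Added example; helper names are hypothetical, not from the listing or from Next.js.
type CspDirectives = Record<string, string[]>
type Env = 'production' | 'development' | 'preview'

// One nonce per response: 128 bits of CSPRNG output, base64-encoded.
// A nonce that is reused across responses, or derived from something the
// attacker can predict, makes the nonce-based policy worthless.
function generateNonce(): string {
  return randomBytes(16).toString('base64')
}

// Same shape as the listing's builder, reduced to the directives the audit inspects.
function buildStrictCsp(nonce: string, env: Env): string {
  const directives: CspDirectives = {
    'default-src': ["'none'"],
    'base-uri': ["'self'"],
    'object-src': ["'none'"],
    'frame-ancestors': ["'none'"],
    // With 'strict-dynamic' the browser ignores host allowlists and 'self' in
    // script-src: only the nonced scripts, and scripts they create, may run.
    'script-src': [`'nonce-${nonce}'`, "'strict-dynamic'"],
    'style-src': ["'self'"],
    'connect-src': ["'self'"],
    'img-src': ["'self'"],
  }
  if (env === 'development') directives['script-src'].push("'unsafe-eval'") // webpack dev mode uses eval()
  if (env === 'preview') directives['connect-src'].push('https://vercel.live') // Vercel preview toolbar
  return Object.entries(directives)
    .map(([name, values]) => `${name} ${values.join(' ')}`)
    .join('; ')
}

// Parse a serialised policy back into directives. Directive names are
// case-insensitive; empty parts (e.g. from a trailing ';') are skipped.
function parseCsp(header: string): CspDirectives {
  const out: CspDirectives = {}
  for (const part of header.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/).filter(Boolean)
    if (name) out[name.toLowerCase()] = values
  }
  return out
}

// Return every finding that would stop this policy from counting as "strict".
function auditCsp(header: string): string[] {
  const d = parseCsp(header)
  const findings: string[] = []
  // A missing script-src (or object-src) falls back to default-src.
  const script = d['script-src'] ?? d['default-src'] ?? []
  const hasNonce = script.some((s) => /^'nonce-[A-Za-z0-9+\/=_-]+'$/.test(s))
  const hasHash = script.some((s) => /^'sha(256|384|512)-[A-Za-z0-9+\/=_-]+'$/.test(s))
  if (!hasNonce && !hasHash) findings.push("script-src has neither a nonce nor a hash")
  if (!script.includes("'strict-dynamic'")) findings.push("script-src lacks 'strict-dynamic'")
  // Nonce-aware browsers ignore 'unsafe-inline' once a nonce or hash is present,
  // so it only counts as a weakness when nothing else gates inline scripts.
  if (script.includes("'unsafe-inline'") && !hasNonce && !hasHash)
    findings.push("script-src allows 'unsafe-inline'")
  if (script.includes("'unsafe-eval'")) findings.push("script-src allows 'unsafe-eval'")
  const object = d['object-src'] ?? d['default-src'] ?? []
  if (!object.includes("'none'")) findings.push("object-src is not 'none'")
  const base = d['base-uri'] ?? []
  if (!base.includes("'none'") && !base.includes("'self'")) findings.push("base-uri is not restricted")
  return findings
}
```

    In a Next.js app the header is applied per request: the nextjs.org page referenced below has middleware.ts generate the nonce, pass it to Server Components through a request header, and set Content-Security-Policy on the response, with the same nonce placed on every inline <script> and on next/script tags. Running auditCsp against the header a deployed page actually returns (not only against the builder's output) catches the common regression where a dev-only 'unsafe-eval' or a hand-added 'unsafe-inline' ships to production.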

  2. Next.js: a small framework for server-rendered universal JavaScript apps
    Pricing:
    • Open Source
    Reference: Configuring Content Security Policy (nextjs.org).

    #Developer Tools #Web Frameworks #JavaScript Framework 919 social mentions
