mirror of https://github.com/terribleplan/next.js.git synced 2024-01-19 02:48:18 +00:00

History

Juan Olvera 7e12997af6 Test updater script on examples folder (#5993 ) I wrote a [script](https://github.com/j0lv3r4/dependency-version-updater) to update dependencies recursively in `package.json` files, e.g.: ``` $ node index.js --path="./examples" --dependencies="react=^16.7.0,react-dom=^16.7.0" ``` This PR contains the result against the examples folder.		2019-01-05 12:19:27 +01:00
..
pages	Add prettier for examples directory (#5909 )	2018-12-17 17:34:32 +01:00
csp.js	Add with-strict-csp example (#4858 )	2018-08-06 20:19:16 -07:00
package.json	Test updater script on examples folder (#5993 )	2019-01-05 12:19:27 +01:00
README.md	Add with-strict-csp example (#4858 )	2018-08-06 20:19:16 -07:00
server.js	Add prettier for examples directory (#5909 )	2018-12-17 17:34:32 +01:00

README.md

Strict CSP example

How to use

Using `create-next-app`

Execute create-next-app with Yarn or npx to bootstrap the example:

npx create-next-app --example with-strict-csp with-strict-csp-app
# or
yarn create next-app --example with-strict-csp with-strict-csp-app

Download manually

Download the example:

curl https://codeload.github.com/zeit/next.js/tar.gz/canary | tar -xz --strip=2 next.js-canary/examples/with-strict-csp
cd with-strict-csp

Install it and run:

npm install
npm run dev
# or
yarn
yarn dev

Deploy it to the cloud with now (download)

now

The idea behind the example

If you want to implement a CSP, the most effective way is to follow the strict CSP approach. For it to work, we need to generate a nonce on every request.

This example uses Helmet to configure the CSP and add the appropriate headers to all server responses. The nonce is generated with uuid. Then we can pass the nonce to <Head> and <NextScript> in the custom <Document>.