Strict Content Security Policy (Hash-based) #29326
guydumais
asked this question in
Show and tell
Intro
95% of real-world Content Security Policy (CSP) deployments are bypassed and 99.34% of hosts with CSP use policies that offer no benefit against XSS, based on the most comprehensive study to date from Google.
In the context of a Single Page App (SPA) such as the Next.js/React framework, we need to use a Hash-based CSP in order to properly integrate a strict CSP which will offer real protection against CSS attacks.
next-strict-csp
That's why I created a package on NPM called next-strict-csp specifically designed for Next.js to allow developers to integrate strict CSP in a snap with just a few lines of code.
Live Demo
A live demo with next-strict-csp is available on my personal website:
https://guydumais.digital/blog/how-to-deploy-a-strict-content-security-policy-csp-with-next-js/
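The hash-based approach the post refers to, as an added example that is not part of the original post and does not use or reproduce the next-strict-csp package's code: it hashes each inline script of a page and builds the strict `script-src` policy from those hashes. The function names and the sample HTML are constructed for illustration.

```javascript
const crypto = require("node:crypto");

// CSP hash source for one inline script: base64(SHA-256) over the exact text
// between <script> and </script>, whitespace included.
function cspHash(scriptBody) {
  const digest = crypto.createHash("sha256").update(scriptBody, "utf8").digest("base64");
  return `'sha256-${digest}'`;
}

// Bodies of inline scripts (no src attribute). A regex is enough for the
// constructed sample below; a real build step should use an HTML parser.
function inlineScripts(html) {
  const bodies = [];
  for (const m of html.matchAll(/<script\b([^>]*)>([\s\S]*?)<\/script>/gi)) {
    if (!/\bsrc\s*=/i.test(m[1]) && m[2].length > 0) bodies.push(m[2]);
  }
  return bodies;
}

// Strict policy: one hash per inline script plus 'strict-dynamic'. The https:
// and 'unsafe-inline' entries are fallbacks that browsers ignore once they
// understand hashes and 'strict-dynamic'.
function strictCsp(html) {
  const hashes = [...new Set(inlineScripts(html).map(cspHash))];
  const scriptSrc = ["script-src", ...hashes, "'strict-dynamic'", "https:", "'unsafe-inline'"];
  return [scriptSrc.join(" "), "object-src 'none'", "base-uri 'none'"].join("; ");
}

// Models only the hash comparison a browser applies to an inline script.
function isAllowedInline(policy, scriptBody) {
  const scriptSrc = policy.split(";")[0].trim().split(/\s+/);
  return scriptSrc.includes(cspHash(scriptBody));
}

// Constructed sample page (not taken from any real site).
const SAMPLE_HTML = `<!doctype html><html><head>
<script>window.__BOOT__ = {"page":"/"};</script>
<script src="/static/app.js"></script>
</head><body><script>console.log("hydrate");</script></body></html>`;

const policy = strictCsp(SAMPLE_HTML);
console.log(policy);
// A script present at build time matches; an unexpected one does not.
console.log(isAllowedInline(policy, 'window.__BOOT__ = {"page":"/"};'));
console.log(isAllowedInline(policy, 'console.log("injected");'));
```

Because the hash covers the exact script text, any change to an inline script after the policy is generated, even whitespace, makes the browser refuse it, so the hashes have to be recomputed on every build.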