Struggling with CSP nonce

Hi! I'm struggling to implement a nonce-based content security policy on my app. What is the recommended way of doing it in T3? The only solution so far that I could find in the Next docs is to use the app router, where the x-nonce header will be automatically read and attached to every script or style tag, but it just doesn't do it on page router and the whole app bundle gets blocked.
2 Replies
Solution
Matvey (13mo ago)
GitHub - nibtime/next-safe-middleware: Strict CSP (Content-Security-Policy) for Next.js hybrid apps https://web.dev/strict-csp/
soulevans07 (13mo ago)
Thanks! It looks good, but I'm concerned about the GitHub issues raised about compatibility with [email protected], and it is not being maintained, so I need to do some testing.
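
Added example, not part of the thread and not code from Next.js or next-safe-middleware: a small Node.js check for the failure described in the question, where the policy carries a nonce but the rendered script tags do not. The function names and the sample HTML are constructed for illustration.

```javascript
const { randomBytes } = require("node:crypto");

// A fresh, unpredictable nonce for each response (128 bits, base64).
function makeNonce() {
  return randomBytes(16).toString("base64");
}

// Strict nonce-based policy in the style described at https://web.dev/strict-csp/.
function buildCsp(nonce) {
  return [
    `script-src 'nonce-${nonce}' 'strict-dynamic'`,
    "object-src 'none'",
    "base-uri 'none'",
  ].join("; ");
}

// Extract the nonce values listed in the script-src directive of a CSP header.
function noncesFromCsp(csp) {
  const directive = csp.split(";").map((d) => d.trim())
    .find((d) => /^script-src\s/i.test(d));
  if (!directive) return [];
  return [...directive.matchAll(/'nonce-([A-Za-z0-9+\/_-]+={0,2})'/g)].map((m) => m[1]);
}

// Return the <script> tags in the HTML that this policy would block:
// executable scripts with no nonce attribute, or with one the header does not list.
function blockedScripts(html, csp) {
  const allowed = new Set(noncesFromCsp(csp));
  const blocked = [];
  for (const m of html.matchAll(/<script\b([^>]*)>/gi)) {
    const attrs = m[1];
    // JSON data blocks are never executed, so the script policy does not apply to them.
    if (/(?:^|\s)type\s*=\s*["']?[^"'\s>]*json/i.test(attrs)) continue;
    const attr = /(?:^|\s)nonce\s*=\s*(?:"([^"]*)"|'([^']*)')/i.exec(attrs);
    const value = attr ? (attr[1] ?? attr[2]) : null;
    if (value === null || !allowed.has(value)) blocked.push(m[0]);
  }
  return blocked;
}

// Constructed sample: the header has a nonce, the bundle tag does not.
const nonce = makeNonce();
const page =
  '<script src="/_next/static/chunks/main.js" defer></script>' +
  `<script nonce="${nonce}" src="/_next/static/chunks/app.js" defer></script>`;
console.log(buildCsp(nonce));
console.log(blockedScripts(page, buildCsp(nonce)));
```

Running it against a saved response (the header value and the HTML body) shows which tags the renderer failed to stamp with the nonce.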