makestatic-csp
v1.0.8
Published
Generate CSP meta and nonces
Downloads
4
Maintainers
Readme
Content Security Policy
Generate content security policy meta elements and nonces
Install
yarn add makestatic-csp
API
ContentSecurityPolicy
Inject file specific content security policy meta elements.
For each HTML file inspect the plugin rules and inject a meta element
for each matched rule. When the styles
or scripts
options are used
it will also generate content security policies using the nonce
algorithm and add the nonce
values as attributes to the inline elements.
Requires that the parse-html
and parse-csp
plugins have been enabled
for the parse
phase as it operates on the HTML and CSP abstract
syntax trees.
Enable this plugin for the transform
phase.
See Also
ContentSecurityPolicy
new ContentSecurityPolicy(context, options)
Create a ContentSecurityPolicy plugin.
Use this plugin during the transform
phase, you should enable the
parse-csp
and parse-html
plugins for the parse
phase.
This plugin uses a default content security policy parsed from csp.txt
,
When the watch
option is set this plugin will automatically include a
connect-src
policy with the ws://localhost:*
and http://localhost:*
values so that browsersync will work as expected.
A rule consists of a test
regular expression pattern and the
policy
to merge with the parsed content security policy abstract syntax
tree.
{
rules: [
{
test: /news\//,
file: 'news-csp.txt',
policy: {
'default-src': ['self'],
'frame-src': ['none']
}
}
]
}
Use the file
rule field when you want to use a default policy from an
alternative content security policy file.
If no test
pattern is specified for a rule it will apply to all files
this plugin matches.
Use the styles
and scripts
options to generate content security
policies for inline elements using the nonce
algorithm. This will add
nonce
attributes to the inline elements and update the content security
policy to include the generated nonce values.
The generated nonce
value is a base64 encoded string of 32 random bytes
generated by crypto.randomBytes()
, you can use the bytes
option to
change the number of bytes used.
context
Object the processing context.options
Object plugin options.
Options
rules
Array list of file match rules.bytes
Number=32 number of bytes to use for the nonce.styles
String generate inline style policies.scripts
String generate inline script policies.
Throws
Error
if the rules option is not an array.
.before
ContentSecurityPolicy.prototype.before(context, options)
Configure the list of matched files.
context
Object the processing context.options
Object plugin options.
.sources
ContentSecurityPolicy.prototype.sources(file, context, options)
Find the first matching rule for a file.
file
File the current file.context
Object the processing context.options
Object plugin options.
.after
ContentSecurityPolicy.prototype.after(context, options)
Rewrite file content.
context
Object the processing context.options
Object plugin options.
License
MIT
Created by mkdoc on March 12, 2017