vite-plugin-csp
v1.1.2
Published
Create CSP meta tags and header configs from all sources in the final Vite html
Downloads
19,528
Maintainers
Readme
CSP (Content-Security-Policy) Vite Plugin
Leverages csp-typed-directives to create typed CSP <meta>
policies and validated interdependant headers.
e.g. the CSP, CSP Report-Only, Report-To, and Referrer-Policy headers.
Mostly config compatible with csp-html-webpack-plugin
WARNING, STILL EARLY AND THINGS LIKE MODULE RESOLUTION ARE FINICKY
Now looking at making a multi-repo because this is going to require multiple layers of shared functionality and also built to an unplugin
Installation
Install the plugin with npm:
$ npm install --save-dev vite-plugin-csp
# Or shorthand
npm i -D vite-plugin-csp
Known issues
- Relative modules are resolved relative to the CWD, not the file
- no SSR support (and thus no nonce support)
- No parsing of JS embeded sources (since that would require framework specific plugins)
- Only
script
andstyle
related directives are supported (except for the inclusion ofreport-to
for generating headers)