Documentation on using CSP for statically generated sites #83
Comments
|
Same issue for me. I try to add this configuration but there are no CSP headers or meta tag inserted to the HTML: import { defineConfig } from 'astro/config';
import { shield } from '@kindspells/astro-shield';
export default defineConfig({
integrations: [
shield({
sri: {
enableStatic: true,
allowInlineScripts: 'all',
allowInlineStyles: 'all',
},
securityHeaders: {
contentSecurityPolicy: {
cspDirectives: {
'default-src': "'self'",
'script-src': "'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/",
'connect-src': "'self'",
'img-src': "'self' https:",
'font-src': "'self' https:",
},
},
},
}),
],
});I am deploying on Vercel by the way |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
I'm having some trouble understanding how to use the CSP generation feature of this project with a statically generated website. I believe the docs only specify how to use them for an SSR website where you can inject the headers via a server middleware, which is not present for statically generated websites.
I looked through the dist folder to see if the CSP values were output anywhere.
Is there a way to save the generated CSP as an output of the build step or a generated file that I can reference when I deploy my static site to a CDN?
Thanks!
The text was updated successfully, but these errors were encountered: