Skip to content

Fixes the incorrectly escaped quotes in the meta content security policy tag on next.js static exports

License

Notifications You must be signed in to change notification settings

datalink/next-static-export-fix-csp-quotes

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

next-static-export-fix-csp-quotes

Fixes the incorrectly escaped quotes in the meta content security policy tag on next.js static exports.

The problem

Next.JS builds a static export using next export. Next's static export feature does not support the Security Headers feature of Next, so the solution to adding a content security policy is to write it in _document.ts.

Unfortunately, due to React's automatic string escaping, any content security policy added into _document.ts will be improperly escaped, leading this this:

<meta http-equiv="Content-Security-Policy" content="default-src &#x27;self&#x27; &#x27;unsafe-eval&#x27;"/>

This is due to a long-standing known issue in React:

The fix

This tool searches for html files in the ./out directory of a next.js export, and fixes all occurrances of &#x27; to replace them to ' so that the content security can be parsed by browsers.

<meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-eval'"/>

Installation

npm install --save-dev github:datalink/next-static-export-fix-csp-quotes

Usage

In your package.json, add it to the end of your build process as follows:

{
  "scripts": {
    "build": "next build && next export && next-static-export-fix-csp-quotes",
  }
}

When building, you will see the following additional output:

Scanning dirdctory ./out for html files
Updating 404.html
Fixed 8 occurrances
Updating page.html
Fixed 8 occurrances
Updating app.html
Fixed 8 occurrances
Updating index.html
Fixed 8 occurrances
Done

Licence & Warranty

This is licensed under the MIT licence, and can be freely used. There is no warranty; use at your own risk.

Caveats & Bugs

  • This has not been testing on windows
  • There are no unit tests yet

About

Fixes the incorrectly escaped quotes in the meta content security policy tag on next.js static exports

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published