atilafassina
left a comment
Sorry about the delay reviewing it.
2 minor questions/suggestions.
| // For more details, see: https://vite.dev/config/build-options.html#build-assetsinlinelimit | ||
| const csp = ` | ||
| default-src 'self'; | ||
| script-src 'nonce-${nonce}' 'strict-dynamic' 'unsafe-eval'; |
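Review bot: `'unsafe-eval'` in the `script-src` line is emitted unconditionally, which relaxes the policy in every build of a template meant to show a strict CSP. Add a comment beside it naming what needs eval, or append it only when it is required, so people copying the template know whether they can drop it. Since `csp` is a multi-line template literal, also confirm the line breaks are collapsed before the string is set as a header value.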
shouldn't unsafe-eval be present only in development builds?
and nonce only in production?
> shouldn't unsafe-eval be present only in development builds?
I believe Seroval uses eval in production too, though I haven't tested it myself.
> and nonce only in production?
Yeah, it's kind of optional. I always use nonce in development to make sure everything is set up correctly. But I guess that can be annoying.
I tried to address the mentioned concerns, but also made some small changes. So please review carefully.
46431b9 to 4a33ee6
atilafassina
left a comment
🏆 thank you for the work and the patience!
This PR adds an example demonstrating how to implement a strict CSP with a nonce. I created the project with the Solid CLI using the bare template and added CSP.
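One way to keep the policy discussed in this thread in check, as an added example that is not code from the PR: `buildCsp` assembles the two directives visible in the reviewed snippet with `'unsafe-eval'` as an explicit opt-in, and `auditCsp` reports a missing nonce, `'unsafe-eval'`, or a line break in the header value. The function names, the `allowEval` option and the finding labels are assumptions.

```javascript
// Added example, not code from the PR. buildCsp, auditCsp, the allowEval
// option and the finding labels are hypothetical names.

// Build the header value for one response. The caller supplies a nonce that is
// fresh per response and comes from a CSPRNG (16 random bytes, base64-encoded).
function buildCsp(nonce, { allowEval = false } = {}) {
  // CSP nonce grammar is base64/base64url; 22 characters carry 128 bits.
  if (!/^[A-Za-z0-9+\/_-]{22,}={0,2}$/.test(nonce)) {
    throw new Error("nonce must be base64 with at least 128 bits");
  }
  const scriptSrc = [`'nonce-${nonce}'`, "'strict-dynamic'"];
  if (allowEval) scriptSrc.push("'unsafe-eval'"); // explicit opt-in
  // Joined on one line: header values must not contain line breaks.
  return ["default-src 'self'", `script-src ${scriptSrc.join(" ")}`].join("; ");
}

// Report what weakens a policy string; an empty array means nothing was found.
function auditCsp(header) {
  const findings = [];
  if (/[\r\n]/.test(header)) findings.push("line-break-in-header");
  const directives = new Map();
  for (const part of header.split(";")) {
    const [name, ...values] = part.trim().split(/\s+/);
    // Browsers honour only the first occurrence of a directive.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), values);
    }
  }
  // script-src falls back to default-src when it is absent.
  const script = directives.get("script-src") ?? directives.get("default-src") ?? [];
  if (!script.some((v) => /^'nonce-[^']+'$/i.test(v))) findings.push("no-nonce");
  if (script.some((v) => v.toLowerCase() === "'unsafe-eval'")) findings.push("unsafe-eval");
  return findings;
}

// Constructed sample nonce; a server would generate a new one per response.
const sampleNonce = "q83vEjRWeJCrze8SNFZ4mg==";
console.log(buildCsp(sampleNonce));
console.log(auditCsp(buildCsp(sampleNonce, { allowEval: true })));
```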