Documentation on using CSP for statically generated sites #83
Comments
|
Same issue for me. I try to add this configuration but there are no CSP headers or meta tag inserted to the HTML: import { defineConfig } from 'astro/config';
import { shield } from '@kindspells/astro-shield';
export default defineConfig({
integrations: [
shield({
sri: {
enableStatic: true,
allowInlineScripts: 'all',
allowInlineStyles: 'all',
},
securityHeaders: {
contentSecurityPolicy: {
cspDirectives: {
'default-src': "'self'",
'script-src': "'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/",
'connect-src': "'self'",
'img-src': "'self' https:",
'font-src': "'self' https:",
},
},
},
}),
],
});I am deploying on Vercel by the way |
|
Hi @SeanPollock , @keke1210 , please excuse me for my super late response. Astro-Shield does not provide this feature yet, but we have it in our roadmap. The way to do it today is not too complicated, though, although it requires some extra scripting:
The related issues are: |
castarco
added
wontfix
|
Closing because we already have more specific issues covering the same problem exposed here. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
I'm having some trouble understanding how to use the CSP generation feature of this project with a statically generated website. I believe the docs only specify how to use them for an SSR website where you can inject the headers via a server middleware, which is not present for statically generated websites.
I looked through the dist folder to see if the CSP values were output anywhere.
Is there a way to save the generated CSP as an output of the build step or a generated file that I can reference when I deploy my static site to a CDN?
Thanks!
The text was updated successfully, but these errors were encountered: