bejamas / gatsby-plugin-csp

A Gatsby plugin which adds strict Content Security Policy to your project.
MIT License

HTTP headers support #4

Open thomkrupa opened 5 years ago

thomkrupa commented 5 years ago

https://github.com/gatsbyjs/gatsby/issues/10890#issuecomment-468982396

lightningspirit commented 4 years ago

I would like to suggest adding a new option in the plugin to flush all CSP header directives to a file in the .cache directory, which would allow other plugins to interact with it.

For instance, gatsby-plugin-s3 would be able to pick it up and merge it with their own params, which would then upload custom Metadata to S3 (then serve Content-Security-Policy as a header).

Other plugins such as gatsby-plugin-netlify would be able to implement the same action.

Cross reference to https://github.com/jariz/gatsby-plugin-s3/issues/144
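
The hand-off proposed in the comment above, written out as an added example (not code from this thread, gatsby-plugin-csp or gatsby-plugin-s3). The JSON layout, the `version` field and the function names are assumptions; reading and writing the file under .cache is left to the caller.

```javascript
// Added example: hypothetical hand-off format, not gatsby-plugin-csp's API.
// Producer side: the string a CSP plugin could flush to a JSON file in .cache.
function serializeDirectives(directives) {
  return JSON.stringify({ version: 1, directives }, null, 2);
}

// A source expression must not contain characters that would end the
// directive (;), start a second policy (,) or break the header line.
const SAFE_SOURCE = /^[^\s;,]+$/;

// Consumer side: parse the file contents, merge the consumer's own
// directives, and return a single Content-Security-Policy header value.
// Merging is a union, so it can only widen what the build-time policy allows.
function buildCspHeader(fileContents, extra = {}) {
  const { version, directives } = JSON.parse(fileContents);
  if (version !== 1) throw new Error(`unsupported CSP file version: ${version}`);
  const merged = new Map();
  for (const source of [directives, extra]) {
    for (const [name, values] of Object.entries(source)) {
      if (!/^[a-z-]+$/.test(name)) throw new Error(`bad directive name: ${name}`);
      const set = merged.get(name) || new Set();
      for (const v of values) {
        if (!SAFE_SOURCE.test(v)) throw new Error(`bad source in ${name}: ${v}`);
        set.add(v);
      }
      merged.set(name, set);
    }
  }
  return [...merged].map(([name, set]) => {
    // 'none' is only valid alone; drop it once real sources were merged in.
    if (set.size > 1) set.delete("'none'");
    return [name, ...set].join(' ');
  }).join('; ');
}

// Constructed sample: the hash is a placeholder, not a real digest.
const fileContents = serializeDirectives({
  'default-src': ["'self'"],
  'script-src': ["'self'", "'sha256-PLACEHOLDER'"],
  'img-src': ["'none'"],
});
const headerValue = buildCspHeader(fileContents, {
  'img-src': ["'self'", 'data:'],
  'script-src': ["'self'"],
});
console.log(headerValue);
```

Delivering the policy as a header also lets the consumer add directives such as `frame-ancestors`, which browsers ignore when the policy comes from a `<meta>` element.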

ryanerringtonatom commented 3 years ago

@lightningspirit I agree, this feature would make server-side CSP implementation a lot easier.

Do you know of any alternate solutions/workarounds for a header-based approach?

lightningspirit commented 3 years ago

> @lightningspirit I agree, this feature would make server-side CSP implementation a lot easier.
>
> Do you know of any alternate solutions/workarounds for a header-based approach?

Actually, after a couple of tests, I ended up not using this plugin at all. Instead, I only used https://github.com/jariz/gatsby-plugin-s3/issues/144 and decided to hardcode my Content-Security-Policy in the plugin's configs for headers.