0.2.3 • Published 5 months ago
@enalmada/next-secure v0.2.3
helper for generating headers with next-safe
Why
- group csp rules into object with description field as a means of documenting what needs specific rules
- abstract out some security best practices that can be shared with multiple projects
Getting Started
Read the documentation
TODO
review with-csp and use in middleware vs next.config.mjs
Alternatives
- only supported raw list of CSP whitelist but I wanted tracking per 3rd party
- to only add CSP on routes that needed it
- to know why things were being added and minimize risk of orphaning
- no longer maintained
- didn't seem to support app directory
- Next > 13.4.4 issues (possibly workaround https://github.com/nibtime/next-safe-middleware/issues/96#issuecomment-1702264013)
with-csp next.js has had work in 13.5 to improve dynamic csp
- unclear how static pages should be protected
Build Notes
- Using latest module and target settings for current LTS
- using tsc for types until bun support comes around
Contribute
Using changesets so please remember to run "changeset" with any PR.
Give consideration for the summary as it is what will show up in the changelog.