1.1.1 • Published 6 years ago

@pcces/csp-webpack-plugin v1.1.1

Weekly downloads
2
License
Apache
Repository
-
Last release
6 years ago

CSP Webpack Plugin

This plugin takes result html from HtmlWebpackPlugin, generates content security policy and adds it to meta tag element.

Features

  • compute hashes for inline script element
  • extract domains for external script element
  • insert content security policy in meta tag

Usage

Add this plugin in webpack config with custom content security policy

new HtmlWebpackPlugin(),
new CSPWebpackPlugin({
  'object-src': '\'none\'',
  'base-uri': '\'self\'',
  'script-src': ['\'unsafe-inline\'', '\'self\'', '\'unsafe-eval\'','http://ajax.googleapis.com'],
  'worker-src': ['\'self\'','blob:']
  })

Add this placeholder %%CSP_CONTENT%% to your index template

<meta http-equiv="Content-Security-Policy" content="%%CSP_CONTENT%%">
cheeriolodash
@infinitebrahmanuniverse/nolb-_pc@everything-registry/sub-chunk-709@zalastax/nolb-_pc
1.1.1

6 years ago

1.1.0

6 years ago