1.1.5 ā€¢ Published 1 year ago

vite-react-csp v1.1.5

Weekly downloads
-
License
MIT
Repository
github
Last release
1 year ago

Package Quality npm version

A npm package/plugin that generates Content Security Policy for create-react-app without eject or rewired.

šŸ  [Homepage](https://github.com/YIZHUANG/react-csp)

Install

npm install react-csp --save-dev
Or
npm install react-csp -g

Prerequisite

  1. Make sure you have nodejs 8+ installed.
  2. Your react is generated with create-react-app
  3. index.html should be located in public/index.html

Usage

Create a file named either csp.json or csp.js in the root directory of your project.

React folder structure:

root:
  csp.js
  .gitignore
  package.json
  public/index.html
  src/index.js
  rest of the files...

The content in the file should be similar to the following:

csp.js

module.exports = {
  dev: {
  "default-src": ["'self'"],
  "style-src": [
    "'self'",
    "https://*.google.com",
  ]
  },
  prod: {
  "default-src": "'self'",  // can be either a string or an array.
  "style-src": [
    "'self'",
    "https://*.facebook.com",
  ],
  "connect-src": [
    "'self'",
    "https://mybackend.com"
  ]
  }
}

Or csp.json

{
  dev: {
  "default-src": ["'self'"],
  "style-src": [
    "'self'",
    "https://*.google.com",
  ]
  },
  prod: {
  "default-src": "'self'",  // can be either a string or an array.
  "style-src": [
    "'self'",
    "https://*.facebook.com",
  ],
  "connect-src": [
    "'self'",
    "https://mybackend.com"
  ]
  }
}

For more config, please refer to [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP).

For dev environment:

Run react-csp dev in the command line.

For prod environment:

Run react-csp prod in the command line.

The recommented approach is to put the following in your package.json so that CSP in only generated when deploying to production/staging:

{
  "scripts": {
    "build": "react-csp dev && react-scripts build"
  }
}

Custom file name

react-csp dev --filename=any.html or react-csp dev --f=any.html

Run tests

npm run test

Author

šŸ‘¤ YIZHUANG

  • Github: [@YIZHUANG](https://github.com/YIZHUANG)

Show your support

Give a ā­ļø if this project helped you!

This Project including README, LICENSE, package.json, contributing etc was generated with ā¤ļø by [git-repo-npm-bootster](https://github.com/YIZHUANG/git-repo-npm-bootster)

Cli toolNodejsReactvite1CSPContent Security PolicyTypeScript
chalkjsdompretty
@everything-registry/sub-chunk-3062
1.1.5

1 year ago

1.1.4

1 year ago

1.1.3

1 year ago