gatsby-plugin-csp icon indicating copy to clipboard operation
gatsby-plugin-csp copied to clipboard

Published 20 hours ago verified publisher icon bejamas

HTTP headers support

Open thomkrupa opened this issue 5 years ago • 3 comments

https://github.com/gatsbyjs/gatsby/issues/10890#issuecomment-468982396

thomkrupa avatar Mar 05 '19 10:03 thomkrupa

I would like to suggest adding a new option in the plugin to flush all CSP header directives to a file in .cache directory which would allow other plugins to interact with.

For instance, gatsby-plugin-s3 would be able to pick it up and merge with their own params, which would then upload custom Metadata to S3 (then serve Content-Security-Policy as header).

Other plugins such as gatsby-plugin-netlify would be able to implement the same action.

Cross reference to https://github.com/jariz/gatsby-plugin-s3/issues/144

lightningspirit avatar Apr 24 '20 17:04 lightningspirit

@lightningspirit I agree, this feature would make server-side CSP implementation a lot easier.

Do you know of any alternate solutions/workarounds for a header-based approach?

ryanerringtonatom avatar Mar 04 '21 11:03 ryanerringtonatom

@lightningspirit I agree, this feature would make server-side CSP implementation a lot easier.

Do you know of any alternate solutions/workarounds for a header-based approach?

Actually, after a couple of tests, I ended up not using this plugin at all. Instead, I only used https://github.com/jariz/gatsby-plugin-s3/issues/144 and decided to hardcode my Content-Security-Policy in plugin's configs for headers.

lightningspirit avatar Mar 06 '21 15:03 lightningspirit