gatsby-plugin-csp
gatsby-plugin-csp copied to clipboard
bejamas
A Gatsby plugin which adds strict Content Security Policy to your project.
Bumps [browserslist](https://github.com/browserslist/browserslist) from 4.4.1 to 4.21.4. Changelog Sourced from browserslist's changelog. 4.21.4 Updated Firefox ESR. 4.21.3 Improved unknown region and unknown feature error (by Alexander Chabin). 4.21.2 Updated Firefox ESR....
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.3. Changelog Sourced from y18n's changelog. 4.0.3 (2021-04-07) Bug Fixes release: 4.x.x should not enforce Node 10 (#126) (1e21a53) 4.0.1 (2020-11-30) Bug Fixes address prototype...
The `disableOnDev` flag should be deleted from the output prior to printing to HTML. Currently it is:  Which throws an error in Chrome 
Love this plugin, went from "what is CSP" to it's working in like 2 hours. However I only got it working with the insecure directives: ```javascript directives: { 'script-src': `'self'...
https://github.com/gatsbyjs/gatsby/issues/10890#issuecomment-468982396
A production build puts the following in my `head`, as seen in curl: ``` ``` The `'`s are being escaped to `'`, which is breaking the CSP. It looks like...
Hi, thanks for the nice plugin. I'm working on a Gatsby Theme with Styled componets and I don't get the hashes in the style-src. Is this a known issue?
Header "upgrade-insecure-requests" & "block-all-mixed-content" are not working. Why are we not just using a package like "content-security-policy-builder" to build the csp header. This would fix a lot of features of...
Hello, I'm noticing the plugin is only adding a small portion of the required inline scripts/styles which is throwing errors and breaking my site. My plugin config looks like: ```...
Please add report-src. It's a part of the standard. Thanks! This plugin is super helpful.
