astro-shield icon indicating copy to clipboard operation
astro-shield copied to clipboard
verified publisher icon kindspells

Support CSP headers generation for static content on Cloudflare

Open castarco opened this issue 1 year ago • 4 comments

To improve the usability of Astro-Shield, it would be good to support the generation of headers metadata specific for the Cloudflare provider, so we can generate CSP headers for static content.

Reference

  • See public/_headers file
  • See https://docs.astro.build/en/guides/integrations-guide/cloudflare/#headers

castarco avatar Mar 31 '24 15:03 castarco

I've hacked together a very simple temporary workaround for anyone who needs to get going with SRI headers in their CSP with Cloudflare Pages while this actual proper implementation is open.

Feel free to use the code snippets in my example to do the same if you want.

jacobpretorius avatar Oct 16 '24 17:10 jacobpretorius

Feel free to use the code snippets in my example to do the same if you want.

@jacobpretorius it's kinda work but i wonder why the browser ignore Content-Security-Policy with multiple subresource integrity

yudyananda avatar Jan 13 '25 00:01 yudyananda

CloudFlare uses the same headers file as Netlify. If you want to use this with CF, just set enableOnStaticPages: { provider: "netlify" } and you're good

valtism avatar Mar 12 '25 04:03 valtism

I'm not sure about that @valtism I tried it and it didn't quite work. The file may be the same but the formatting CF needs is different from what I recall. Or maybe it's just the more advanced use case where you want to have other directives defined as well.

This is what I tried and gave up with before I hacked together my own solution

Image

jacobpretorius avatar Mar 18 '25 10:03 jacobpretorius