tina-cloud-starter

Investigate/test CSP use with the starter

Open mitchmac opened this issue 3 years ago • 2 comments

Content security policies provide an extra layer of security for various theoretical vulnerabilities. We could provide a sample CSP implementation in the starter or use the starter to guide documentation on potential CSP approaches.

mitchmac avatar Jun 21 '21 14:06 mitchmac

Next.js has security headers: https://nextjs.org/docs/advanced-features/security-headers

DirtyF avatar Jun 22 '21 07:06 DirtyF

> provide an extra layer of security for various theoretical vulnerabilities

We may run into a few snags with unsafe-inline. Looks like that's still an issue

https://github.com/styled-components/styled-components/issues/887#issuecomment-828627183

jeffsee55 avatar Jul 22 '21 23:07 jeffsee55
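A sketch of what testing CSP through the Next.js `headers()` hook could look like, including the `unsafe-inline` concession for runtime-injected styles raised above. This is an added example, not code from tina-cloud-starter or from the thread participants. The directive values, the `CSP_ENFORCE` variable and the `https://api.example.invalid` origin are assumptions or placeholders.

```javascript
// next.config.js (added example; directive values are assumptions, not the starter's policy)
const directives = {
  "default-src": ["'self'"],
  "script-src": ["'self'"],
  // Runtime-injected <style> tags (the styled-components snag linked in the thread)
  // are blocked unless style-src allows 'unsafe-inline' or a matching nonce.
  "style-src": ["'self'", "'unsafe-inline'"],
  "img-src": ["'self'", "data:"],
  // Placeholder origin: replace with the content API the site actually calls.
  "connect-src": ["'self'", "https://api.example.invalid"],
  "object-src": ["'none'"],
  "base-uri": ["'self'"],
  "frame-ancestors": ["'none'"],
};

// Serialize the directive map into a single CSP header value.
function buildCsp(d) {
  return Object.entries(d)
    .map(([name, sources]) => `${name} ${sources.join(" ")}`)
    .join("; ");
}

// Report-only mode surfaces violations in the browser console without blocking,
// which suits the "investigate/test" phase; switch to enforcing once it is clean.
function cspHeader({ enforce }) {
  return {
    key: enforce ? "Content-Security-Policy" : "Content-Security-Policy-Report-Only",
    value: buildCsp(directives),
  };
}

// List directives that still carry an 'unsafe-*' keyword, so each concession stays visible.
function weakDirectives(d) {
  return Object.entries(d)
    .filter(([, sources]) => sources.some((s) => s.startsWith("'unsafe-")))
    .map(([name]) => name)
    .sort();
}

const nextConfig = {
  async headers() {
    // CSP_ENFORCE is a hypothetical environment variable used only in this example.
    const enforce = process.env.CSP_ENFORCE === "1";
    return [{ source: "/:path*", headers: [cspHeader({ enforce })] }];
  },
};

if (typeof module !== "undefined") module.exports = nextConfig;
```

Running `weakDirectives(directives)` in CI gives a quick check that `unsafe-inline` has not crept into `script-src` while the style exception is still in place.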