Nicely Presented Misnomer

    csp-webpack-plugin

    2.0.2 • Public • Published

    CSP Webpack Plugin

    This plugin takes result html from HtmlWebpackPlugin, generates content security policy and adds it to meta tag element.

    Features

    • compute hashes for inline script element
    • extract domains for external script element
    • insert content security policy in meta tag

    Usage

    Add this plugin in webpack config with custom content security policy

    new HtmlWebpackPlugin(),
    new CSPWebpackPlugin({
      'object-src': '\'none\'',
      'base-uri': '\'self\'',
      'script-src': ['\'unsafe-inline\'', '\'self\'', '\'unsafe-eval\'','http://ajax.googleapis.com'],
      'worker-src': ['\'self\'','blob:']
      })
    

    Add this placeholder %%CSP_CONTENT%% to your index template

    <meta http-equiv="Content-Security-Policy" content="%%CSP_CONTENT%%">
    

    Keywords

    none

    Install

    npm i csp-webpack-plugin

    DownloadsWeekly Downloads

    371

    Version

    2.0.2

    License

    Apache

    Unpacked Size

    122 kB

    Total Files

    10

    Last publish

    Collaborators

    • alexmin