By default, the csp-html-webpack-plugin has a very lax policy. You should configure it for your needs. A good starting policy would be the following: new CspHtmlWebpackPlugin({ 'script-src': '', 'style-src': '' }); Although we're configuring script-src and style-src to be blank, the CSP...
Step 1: install the plugin: npm i --save strict-csp-html-webpack-plugin@beta (or with yarn). Step 2: Configure the plugin. In your site's or app's webpack.config.js: const HtmlWebpackPlugin = require('html-webpack-plugin'); const StrictCspHtmlWebpackPlugin = require('strict-csp-html-webpack...
slackhq/csp-html-webpack-plugin version: 5.1.0 node version: 14.19.3 OS version(s): Mac OS 12.4 Steps to reproduce: Use the above config to build the app. View the built index.html asset. Expected result: The CSP content to have the nonce values in it. Actual result: The nonce val...
slackhq/csp-html-webpack-plugin version: v5.1.0 node version: v20.11.1 OS version(s): all Seems to have broken sometime recently, I'm guessing it is related to #75 Steps to reproduce: Have html entities (&,, etc) in your html template file ...
Being able to enable/disable nonces for each directive is really nice, but in my specific case I want to disable all usage of nonces and the list of directives is steadily growing. If csp-html-webpack-plugin updates and adds support for a new directive, I have to remember to disable that one...