@jacekradko
Member

@jacekradko jacekradko commented Mar 27, 2025

Description

Adding the ability to automatically inject the CSP header through @clerk/nextjs middleware.

Closes: SDKI-913

Checklist

  • pnpm test runs as expected.
  • pnpm build runs as expected.
  • (If applicable) JSDoc comments have been added or updated for any package exports
  • (If applicable) Documentation has been updated

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation
  • other:

@changeset-bot

changeset-bot bot commented Mar 27, 2025

🦋 Changeset detected

Latest commit: a8e03f6

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@clerk/nextjs Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@vercel

vercel bot commented Mar 27, 2025

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Skipped Deployment
Name Status Preview Comments Updated (UTC)
clerk-js-sandbox ⬜️ Skipped (Inspect) Mar 31, 2025 4:30pm

@jacekradko
Member Author

!snapshot

@jacekradko jacekradko requested a review from Copilot March 28, 2025 14:02
Contributor

Copilot AI left a comment

Pull Request Overview

This PR introduces the ability to generate and inject a Clerk-compatible Content-Security-Policy header into Next.js middleware. Key changes include:

  • Adding CSP header creation and parsing functions in utils.ts.
  • Updating clerkMiddleware.ts to inject the generated CSP header.
  • Creating tests to validate the behavior of the new CSP header logic.
  • Documenting the change in a changeset file.

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File Description
packages/nextjs/src/server/utils.ts Added types and functions (createCSPHeader, parseCSPHeader) for CSP
packages/nextjs/src/server/clerkMiddleware.ts Updated middleware to inject and log the CSP header
packages/nextjs/src/server/tests/utils.test.ts Added unit tests to cover CSP header generation and merging logic
.changeset/vast-clubs-speak.md Documented the CSP header addition in the changeset

@clerk-cookie
Collaborator

Hey @jacekradko - the snapshot version command generated the following package versions:

Package Version
@clerk/agent-toolkit 0.0.17-snapshot.v20250328140311
@clerk/astro 2.4.6-snapshot.v20250328140311
@clerk/backend 1.25.9-snapshot.v20250328140311
@clerk/chrome-extension 2.2.24-snapshot.v20250328140311
@clerk/clerk-js 5.59.0-snapshot.v20250328140311
@clerk/elements 0.23.9-snapshot.v20250328140311
@clerk/clerk-expo 2.9.7-snapshot.v20250328140311
@clerk/expo-passkeys 0.2.1-snapshot.v20250328140311
@clerk/express 1.3.60-snapshot.v20250328140311
@clerk/fastify 2.1.33-snapshot.v20250328140311
@clerk/nextjs 6.12.13-snapshot.v20250328140311
@clerk/nuxt 1.4.7-snapshot.v20250328140311
@clerk/clerk-react 5.25.6-snapshot.v20250328140311
@clerk/react-router 1.1.12-snapshot.v20250328140311
@clerk/remix 4.5.12-snapshot.v20250328140311
@clerk/shared 3.3.0-snapshot.v20250328140311
@clerk/tanstack-react-start 0.12.3-snapshot.v20250328140311
@clerk/testing 1.4.34-snapshot.v20250328140311
@clerk/vue 1.4.6-snapshot.v20250328140311

@jacekradko
Member Author

!snapshot

@clerk-cookie
Collaborator

Hey @jacekradko - the snapshot version command generated the following package versions:

Package Version
@clerk/agent-toolkit 0.0.17-snapshot.v20250328144410
@clerk/astro 2.4.6-snapshot.v20250328144410
@clerk/backend 1.25.9-snapshot.v20250328144410
@clerk/chrome-extension 2.2.24-snapshot.v20250328144410
@clerk/clerk-js 5.59.0-snapshot.v20250328144410
@clerk/elements 0.23.9-snapshot.v20250328144410
@clerk/clerk-expo 2.9.7-snapshot.v20250328144410
@clerk/expo-passkeys 0.2.1-snapshot.v20250328144410
@clerk/express 1.3.60-snapshot.v20250328144410
@clerk/fastify 2.1.33-snapshot.v20250328144410
@clerk/nextjs 6.12.13-snapshot.v20250328144410
@clerk/nuxt 1.4.7-snapshot.v20250328144410
@clerk/clerk-react 5.25.6-snapshot.v20250328144410
@clerk/react-router 1.1.12-snapshot.v20250328144410
@clerk/remix 4.5.12-snapshot.v20250328144410
@clerk/shared 3.3.0-snapshot.v20250328144410
@clerk/tanstack-react-start 0.12.3-snapshot.v20250328144410
@clerk/testing 1.4.34-snapshot.v20250328144410
@clerk/vue 1.4.6-snapshot.v20250328144410

@jacekradko
Member Author

!snapshot

@clerk-cookie
Collaborator

Hey @jacekradko - the snapshot version command generated the following package versions:

Package Version
@clerk/agent-toolkit 0.0.17-snapshot.v20250328160021
@clerk/astro 2.4.6-snapshot.v20250328160021
@clerk/backend 1.25.9-snapshot.v20250328160021
@clerk/chrome-extension 2.2.24-snapshot.v20250328160021
@clerk/clerk-js 5.59.0-snapshot.v20250328160021
@clerk/elements 0.23.9-snapshot.v20250328160021
@clerk/clerk-expo 2.9.7-snapshot.v20250328160021
@clerk/expo-passkeys 0.2.1-snapshot.v20250328160021
@clerk/express 1.3.60-snapshot.v20250328160021
@clerk/fastify 2.1.33-snapshot.v20250328160021
@clerk/nextjs 6.12.13-snapshot.v20250328160021
@clerk/nuxt 1.4.7-snapshot.v20250328160021
@clerk/clerk-react 5.25.6-snapshot.v20250328160021
@clerk/react-router 1.1.12-snapshot.v20250328160021
@clerk/remix 4.5.12-snapshot.v20250328160021
@clerk/shared 3.3.0-snapshot.v20250328160021
@clerk/tanstack-react-start 0.12.3-snapshot.v20250328160021
@clerk/testing 1.4.34-snapshot.v20250328160021
@clerk/vue 1.4.6-snapshot.v20250328160021

@jacekradko
Member Author

!snapshot

@clerk-cookie
Collaborator

Hey @jacekradko - the snapshot version command generated the following package versions:

Package Version
@clerk/agent-toolkit 0.0.17-snapshot.v20250328161303
@clerk/astro 2.4.6-snapshot.v20250328161303
@clerk/backend 1.25.9-snapshot.v20250328161303
@clerk/chrome-extension 2.2.24-snapshot.v20250328161303
@clerk/clerk-js 5.59.0-snapshot.v20250328161303
@clerk/elements 0.23.9-snapshot.v20250328161303
@clerk/clerk-expo 2.9.7-snapshot.v20250328161303
@clerk/expo-passkeys 0.2.1-snapshot.v20250328161303
@clerk/express 1.3.60-snapshot.v20250328161303
@clerk/fastify 2.1.33-snapshot.v20250328161303
@clerk/nextjs 6.12.13-snapshot.v20250328161303
@clerk/nuxt 1.4.7-snapshot.v20250328161303
@clerk/clerk-react 5.25.6-snapshot.v20250328161303
@clerk/react-router 1.1.12-snapshot.v20250328161303
@clerk/remix 4.5.12-snapshot.v20250328161303
@clerk/shared 3.3.0-snapshot.v20250328161303
@clerk/tanstack-react-start 0.12.3-snapshot.v20250328161303
@clerk/testing 1.4.34-snapshot.v20250328161303
@clerk/vue 1.4.6-snapshot.v20250328161303

@jacekradko
Member Author

!snapshot

@jacekradko
Member Author

!snapshot

@clerk-cookie
Collaborator

Hey @jacekradko - the snapshot version command generated the following package versions:

Package Version
@clerk/agent-toolkit 0.0.17-snapshot.v20250328211504
@clerk/astro 2.4.6-snapshot.v20250328211504
@clerk/backend 1.25.9-snapshot.v20250328211504
@clerk/chrome-extension 2.2.24-snapshot.v20250328211504
@clerk/clerk-js 5.59.0-snapshot.v20250328211504
@clerk/elements 0.23.9-snapshot.v20250328211504
@clerk/clerk-expo 2.9.7-snapshot.v20250328211504
@clerk/expo-passkeys 0.2.1-snapshot.v20250328211504
@clerk/express 1.3.60-snapshot.v20250328211504
@clerk/fastify 2.1.33-snapshot.v20250328211504
@clerk/nextjs 6.12.13-snapshot.v20250328211504
@clerk/nuxt 1.4.7-snapshot.v20250328211504
@clerk/clerk-react 5.25.6-snapshot.v20250328211504
@clerk/react-router 1.1.12-snapshot.v20250328211504
@clerk/remix 4.5.12-snapshot.v20250328211504
@clerk/shared 3.3.0-snapshot.v20250328211504
@clerk/tanstack-react-start 0.12.3-snapshot.v20250328211504
@clerk/testing 1.4.34-snapshot.v20250328211504
@clerk/vue 1.4.6-snapshot.v20250328211504

@jacekradko
Member Author

!snapshot

@clerk-cookie
Collaborator

Hey @jacekradko - the snapshot version command generated the following package versions:

Package Version
@clerk/agent-toolkit 0.0.17-snapshot.v20250328213151
@clerk/astro 2.4.6-snapshot.v20250328213151
@clerk/backend 1.25.9-snapshot.v20250328213151
@clerk/chrome-extension 2.2.24-snapshot.v20250328213151
@clerk/clerk-js 5.59.0-snapshot.v20250328213151
@clerk/elements 0.23.9-snapshot.v20250328213151
@clerk/clerk-expo 2.9.7-snapshot.v20250328213151
@clerk/expo-passkeys 0.2.1-snapshot.v20250328213151
@clerk/express 1.3.60-snapshot.v20250328213151
@clerk/fastify 2.1.33-snapshot.v20250328213151
@clerk/nextjs 6.12.13-snapshot.v20250328213151
@clerk/nuxt 1.4.7-snapshot.v20250328213151
@clerk/clerk-react 5.25.6-snapshot.v20250328213151
@clerk/react-router 1.1.12-snapshot.v20250328213151
@clerk/remix 4.5.12-snapshot.v20250328213151
@clerk/shared 3.3.0-snapshot.v20250328213151
@clerk/tanstack-react-start 0.12.3-snapshot.v20250328213151
@clerk/testing 1.4.34-snapshot.v20250328213151
@clerk/vue 1.4.6-snapshot.v20250328213151

@jacekradko
Member Author

!snapshot

@clerk-cookie
Collaborator

Hey @jacekradko - the snapshot version command generated the following package versions:

Package Version
@clerk/agent-toolkit 0.0.17-snapshot.v20250329015344
@clerk/astro 2.4.6-snapshot.v20250329015344
@clerk/backend 1.25.9-snapshot.v20250329015344
@clerk/chrome-extension 2.2.24-snapshot.v20250329015344
@clerk/clerk-js 5.59.0-snapshot.v20250329015344
@clerk/elements 0.23.9-snapshot.v20250329015344
@clerk/clerk-expo 2.9.7-snapshot.v20250329015344
@clerk/expo-passkeys 0.2.1-snapshot.v20250329015344
@clerk/express 1.3.60-snapshot.v20250329015344
@clerk/fastify 2.1.33-snapshot.v20250329015344
@clerk/nextjs 6.12.13-snapshot.v20250329015344
@clerk/nuxt 1.4.7-snapshot.v20250329015344
@clerk/clerk-react 5.25.6-snapshot.v20250329015344
@clerk/react-router 1.1.12-snapshot.v20250329015344
@clerk/remix 4.5.12-snapshot.v20250329015344
@clerk/shared 3.3.0-snapshot.v20250329015344
@clerk/tanstack-react-start 0.12.3-snapshot.v20250329015344
@clerk/testing 1.4.34-snapshot.v20250329015344
@clerk/vue 1.4.6-snapshot.v20250329015344

@jacekradko jacekradko force-pushed the feat/nextjs-middleware-csp branch from 567fd27 to fe18c38 Compare March 31, 2025 15:53
@jacekradko jacekradko requested a review from Copilot March 31, 2025 15:54
Contributor

Copilot AI left a comment

Pull Request Overview

This PR introduces a new Content Security Policy (CSP) middleware for Next.js that automatically generates and injects a Clerk-compatible CSP header. Key changes include:

  • Implementation of a new CSP management module (content-security-policy.ts) to build, format, and merge CSP directives.
  • Enhancements to the clerk middleware to inject the CSP header and handle nonce configuration.
  • Comprehensive tests ensuring the correct generation of CSP headers and integration in the app router.

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

File Description
packages/nextjs/src/server/content-security-policy.ts New module for creating and managing CSP header directives
packages/nextjs/src/server/clerkMiddleware.ts Middleware updated to inject the generated CSP header
packages/nextjs/src/server/tests/content-security-policy.test.ts Added tests to cover CSP header generation and merging
packages/nextjs/src/app-router/server/ClerkProvider.ts Updated to extract and use the nonce from the CSP header
.changeset/vast-clubs-speak.md Changeset metadata documenting the new Clerk-compatible CSP header
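
Added example (not part of this pull request or of Clerk's code): a TypeScript sketch of the CSP merge and nonce handling that the review summary above describes. The function names, the `example.com` hosts and the sample nonce are hypothetical, and the caller is assumed to supply a fresh random nonce for every response.

```typescript
// Added example, not code from this PR. Names and hosts are hypothetical.
type Policy = Record<string, string[]>;

// Fetch directives that fall back directly to default-src when absent (subset).
const FETCH_DIRECTIVES = ["script-src", "style-src", "img-src", "font-src",
  "connect-src", "media-src", "object-src"];
// Base64 / base64url characters only, so a nonce can never carry ';' or spaces.
const NONCE_RE = /^[A-Za-z0-9+/_-]+={0,2}$/;

// Parse a Content-Security-Policy header value into directive -> source list.
function parseCsp(header: string): Policy {
  const policy: Policy = Object.create(null); // no inherited keys
  header.split(";").forEach((part) => {
    const tokens = part.trim().split(/\s+/).filter((t) => t.length > 0);
    const name = (tokens.shift() || "").toLowerCase();
    // Browsers ignore a repeated directive: the first occurrence wins.
    if (name && !(name in policy)) policy[name] = tokens;
  });
  return policy;
}

// Serialize a parsed policy back into a header value.
function formatCsp(policy: Policy): string {
  return Object.keys(policy)
    .map((name) => [name].concat(policy[name] || []).join(" "))
    .join("; ");
}

// Merge the sources an SDK needs into the application's existing policy
// and add a per-response nonce to script-src.
function mergeCsp(existing: string, required: Policy, nonce: string): string {
  if (!NONCE_RE.test(nonce)) throw new Error("nonce must be base64 text");
  const policy = parseCsp(existing);

  const additions: Policy = Object.create(null);
  Object.keys(required).forEach((name) => {
    additions[name.toLowerCase()] = (required[name] || []).slice();
  });
  additions["script-src"] = (additions["script-src"] || []).concat("'nonce-" + nonce + "'");

  Object.keys(additions).forEach((name) => {
    const extra = additions[name] || [];
    if (extra.length === 0) return;
    // A newly added fetch directive stops falling back to default-src, so seed
    // it with default-src's sources or the app's own allowances are lost.
    const inherited: string[] =
      FETCH_DIRECTIVES.indexOf(name) !== -1 ? policy["default-src"] || [] : [];
    const base: string[] = policy[name] || inherited;
    // 'none' is only valid alone; drop it once real sources are added.
    const sources = base.filter((s) => s.toLowerCase() !== "'none'");
    extra.forEach((s) => {
      if (sources.indexOf(s) === -1) sources.push(s);
    });
    policy[name] = sources;
  });
  return formatCsp(policy);
}

// Recover the nonce from a header, e.g. so a provider can stamp <script> tags.
function extractNonce(header: string): string | undefined {
  const policy = parseCsp(header);
  const sources = policy["script-src"] || policy["default-src"] || [];
  for (let i = 0; i < sources.length; i++) {
    const m = /^'nonce-([A-Za-z0-9+/_-]+={0,2})'$/.exec(sources[i]);
    if (m) return m[1];
  }
  return undefined;
}

// Constructed sample input: an app policy with a duplicated script-src.
const SAMPLE_EXISTING =
  "default-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'none'; script-src *";
const SAMPLE_REQUIRED: Policy = {
  "script-src": ["https://auth.example.com"],
  "connect-src": ["https://auth.example.com"],
  "img-src": ["https://img.example.com"],
};
const SAMPLE_NONCE = "c2FtcGxlLW5vbmNl"; // constructed; use a CSPRNG value per response

console.log(mergeCsp(SAMPLE_EXISTING, SAMPLE_REQUIRED, SAMPLE_NONCE));
```

Once a nonce is present in `script-src`, browsers that support nonces ignore `'unsafe-inline'` there, so any inline script in the application must carry the nonce as well.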

@jacekradko
Member Author

!snapshot

@clerk-cookie
Collaborator

Hey @jacekradko - the snapshot version command generated the following package versions:

Package Version
@clerk/agent-toolkit 0.0.17-snapshot.v20250331160008
@clerk/astro 2.4.6-snapshot.v20250331160008
@clerk/backend 1.26.0-snapshot.v20250331160008
@clerk/chrome-extension 2.2.24-snapshot.v20250331160008
@clerk/clerk-js 5.59.0-snapshot.v20250331160008
@clerk/elements 0.23.9-snapshot.v20250331160008
@clerk/clerk-expo 2.9.7-snapshot.v20250331160008
@clerk/expo-passkeys 0.2.1-snapshot.v20250331160008
@clerk/express 1.3.60-snapshot.v20250331160008
@clerk/fastify 2.1.33-snapshot.v20250331160008
@clerk/localizations 3.13.5-snapshot.v20250331160008
@clerk/nextjs 6.12.13-snapshot.v20250331160008
@clerk/nuxt 1.4.7-snapshot.v20250331160008
@clerk/clerk-react 5.25.6-snapshot.v20250331160008
@clerk/react-router 1.1.12-snapshot.v20250331160008
@clerk/remix 4.5.12-snapshot.v20250331160008
@clerk/shared 3.3.0-snapshot.v20250331160008
@clerk/tanstack-react-start 0.12.3-snapshot.v20250331160008
@clerk/testing 1.4.34-snapshot.v20250331160008
@clerk/themes 2.2.27-snapshot.v20250331160008
@clerk/types 4.50.2-snapshot.v20250331160008
@clerk/vue 1.4.6-snapshot.v20250331160008

@jacekradko
Member Author

!snapshot

@clerk-cookie
Collaborator

Hey @jacekradko - the snapshot version command generated the following package versions:

Package Version
@clerk/agent-toolkit 0.0.17-snapshot.v20250331163215
@clerk/astro 2.4.6-snapshot.v20250331163215
@clerk/backend 1.26.0-snapshot.v20250331163215
@clerk/chrome-extension 2.2.24-snapshot.v20250331163215
@clerk/clerk-js 5.59.0-snapshot.v20250331163215
@clerk/elements 0.23.9-snapshot.v20250331163215
@clerk/clerk-expo 2.9.7-snapshot.v20250331163215
@clerk/expo-passkeys 0.2.1-snapshot.v20250331163215
@clerk/express 1.3.60-snapshot.v20250331163215
@clerk/fastify 2.1.33-snapshot.v20250331163215
@clerk/localizations 3.13.5-snapshot.v20250331163215
@clerk/nextjs 6.12.13-snapshot.v20250331163215
@clerk/nuxt 1.4.7-snapshot.v20250331163215
@clerk/clerk-react 5.25.6-snapshot.v20250331163215
@clerk/react-router 1.1.12-snapshot.v20250331163215
@clerk/remix 4.5.12-snapshot.v20250331163215
@clerk/shared 3.3.0-snapshot.v20250331163215
@clerk/tanstack-react-start 0.12.3-snapshot.v20250331163215
@clerk/testing 1.4.34-snapshot.v20250331163215
@clerk/themes 2.2.27-snapshot.v20250331163215
@clerk/types 4.50.2-snapshot.v20250331163215
@clerk/vue 1.4.6-snapshot.v20250331163215

@jacekradko jacekradko closed this Mar 31, 2025
@jacekradko jacekradko deleted the feat/nextjs-middleware-csp branch March 31, 2025 16:38
3 participants