Skip to content

google/strict-csp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

73 Commits

.github/workflows

.github/workflows

 
 

strict-csp-html-webpack-plugin

strict-csp-html-webpack-plugin

 
 

strict-csp

strict-csp

 
 

.gitignore

.gitignore

 
 

CONTRIBUTING.md

CONTRIBUTING.md

 
 

DEVELOP.md

DEVELOP.md

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

dev-setup.sh

dev-setup.sh

 
 

undo-dev-setup.sh

undo-dev-setup.sh

 
 

Repository files navigation

Glossary

  • CSP (content-security-policy): A layer of security that can be added to web apps as an HTTP header or meta tag. Source: MDN
  • Strict CSP: A specific set of CSP directives that has been identified as an effective and deployable mitigation against XSS (cross-site scripting). XSS is one of the most widespread sedcurity exploits. Source: w3c.
  • SPA (single-page application): a web app implementation that loads a single web document. When different content needs to be shown, it updates the body content of that document. Source: MDN

About this repo

Two codebases are in this repo:

  • strict-csp: a bundler-agnostic library, that can be used to generate a CSP. Go to strict-csp

  • strict-csp-html-webpack-plugin: a webpack plugin that configures a strict, hash-based CSP for an SPA. It uses the strict-csp library to form a CSP and hooks into the popular HtmlWebpackPlugin to set up this CSP as a meta HTML tag. Go to strict-csp-html-webpack-plugin

Both of these are available as separate npm packages.

Setup for development purposes

See DEVELOP.md.

Resources

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

35 stars

Watchers

4 watching

Forks

9 forks
Report repository

Releases

1 tags

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages