Skip to content
/ vite-plugin-csp Public

Creates typed CSP meta policies and validated interdependant headers. e.g. the CSP, CSP Report-Only, Report-To, and Referrer-Policy headers

License

MIT license
23 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

josh-hemphill/vite-plugin-csp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
.github
.github
 
 
.husky
.husky
 
 
config
config
 
 
src
src
 
 
tests
tests
 
 
.all-contributorsrc
.all-contributorsrc
 
 
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
.markdownlint.json
.markdownlint.json
 
 
CHANGELOG.md
CHANGELOG.md
 
 
CONTRIBUTORS.md
CONTRIBUTORS.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
cSpell.json
cSpell.json
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

CSP (Content-Security-Policy) Vite Plugin

version NPM Codecov Libraries.io dependency status for latest release Rate on Openbase Test Release

Leverages csp-typed-directives to create typed CSP <meta> policies and validated interdependant headers. e.g. the CSP, CSP Report-Only, Report-To, and Referrer-Policy headers.

Mostly config compatible with csp-html-webpack-plugin

WARNING, STILL EARLY AND THINGS LIKE MODULE RESOLUTION ARE FINICKY

Now looking at making a multi-repo because this is going to require multiple layers of shared functionality and also built to an unplugin

Installation

Install the plugin with npm:

$ npm install --save-dev vite-plugin-csp
# Or shorthand
npm i -D vite-plugin-csp

Known issues

  • Relative modules are resolved relative to the CWD, not the file
  • no SSR support (and thus no nonce support)
  • No parsing of JS embeded sources (since that would require framework specific plugins)
  • Only script and style related directives are supported (except for the inclusion of report-to for generating headers)

Under construction :)

About

Creates typed CSP meta policies and validated interdependant headers. e.g. the CSP, CSP Report-Only, Report-To, and Referrer-Policy headers

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity

Stars

23 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 5

v1.1.2 Latest
Jun 1, 2022
+ 4 releases

Packages

 
 
 

Contributors 2

  •  
  •  

Languages