Welcome to react-csp 👋


> A npm package/plugin that generates Content Security Policy for create-react-app without eject or rewired.

$3

Install

``sh
npm install react-csp --save-dev
Or
npm install react-csp -g
`

Prerequisite

1. Make sure you have nodejs 8+ installed.
2. Your react is generated with create-react-app
3. index.html should be located in public/index.html

Usage

Create a file named either csp.json or csp.js in the root directory of your project.

React folder structure:

`
root:
csp.js
.gitignore
package.json
public/index.html
src/index.js
rest of the files...
`

The content in the file should be similar to the following:

csp.js

`
module.exports = {
dev: {
"default-src": ["'self'"],
"style-src": [
"'self'",
"https://*.google.com",
]
},
prod: {
"default-src": "'self'", // can be either a string or an array.
"style-src": [
"'self'",
"https://*.facebook.com",
],
"connect-src": [
"'self'",
"https://mybackend.com"
]
}
}
`

Or
csp.json

`
{
dev: {
"default-src": ["'self'"],
"style-src": [
"'self'",
"https://*.google.com",
]
},
prod: {
"default-src": "'self'", // can be either a string or an array.
"style-src": [
"'self'",
"https://*.facebook.com",
],
"connect-src": [
"'self'",
"https://mybackend.com"
]
}
}
`

For more config, please refer to MDN.

For dev environment:

Run react-csp dev in the command line.

For prod environment:

Run react-csp prod in the command line.

The recommented approach is to put the following in your package.json so that CSP in only generated when deploying to production/staging:

`
{
"scripts": {
"build": "react-csp dev && react-scripts build"
}
}
`

Custom file name

react-csp dev --filename=any.html
or
react-csp dev --f=any.html

Run tests

`sh
npm run test
``

Author

👤 YIZHUANG

- Github: @YIZHUANG

Show your support

Give a ⭐️ if this project helped you!

---

_This Project including README, LICENSE, package.json, contributing etc was generated with ❤️ by git-repo-npm-bootster_