csp_nonce_html_transformer

Use a nonce for the script-src directive of your Content Security Policy (CSP) to help prevent cross-site scripting (XSS) attacks.

This functions takes a response and will add a header and transforms the HTML response body to contain a unique nonce on every request.

Scripts that do not contain a matching nonce attribute, or that were not created from a trusted script (see strict-dynamic), will not be allowed to run.

If the response already has a CSP, this will merge the directives it generates with your the directives.

License

This project is licensed under the BSD 3-Clause license.

csp_nonce_html_transformer is based on remorses/htmlrewriter which is BSD 3-Clause licensed.

Name		Name	Last commit message	Last commit date
Latest commit History 109 Commits
.cargo		.cargo
.github/workflows		.github/workflows
pkg		pkg
scripts		scripts
src		src
tests		tests
.gitignore		.gitignore
Cargo.lock		Cargo.lock
Cargo.toml		Cargo.toml
LICENSE		LICENSE
README.md		README.md
build-and-test		build-and-test
deno.json		deno.json
deno.lock		deno.lock
renovate.json		renovate.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

csp_nonce_html_transformer

License

About

Releases

Packages

Contributors 4

Languages

License

netlify/csp_nonce_html_transformer

Folders and files

Latest commit

History

Repository files navigation

csp_nonce_html_transformer

License

About

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Releases

Packages 0

Contributors 4

Languages

Packages