Hi, thank you so much for the useful package.
I have a static blog website built using Next.js and Strapi headless CMS.
I recently came to know about the Content Security Policy.
But having really a hard time understanding it thoroughly.
I was reading articles about it online and some of them say that it is not required for a static website.
https://csp.withgoogle.com/docs/why-csp.html
https://reesmorris.co.uk/blog/implementing-proper-csp-nextjs-styled-components
My website is an SSG (automatically generated static HTML +JSON).
The only place where the server is involved is the sitemap.xml file which is handled by (pages/api/sitemap.js). I can't generate it statically because of dynamic URLs coming from Strapi.
I have a cookie consent banner on the website and that is the only cookie I think besides Google Analytics & TruConversion Heatmap cookies. (If this is relevant)
I am planning to have a "contact" page on my website in the future and it will contain the contact form. Probably, the only place where users may input data.
I'll be very thankful to you if you suggest to me that whether I actually need a CSP or not.
Hi, thank you so much for the useful package.
I have a static blog website built using Next.js and Strapi headless CMS.
I recently came to know about the Content Security Policy.
But having really a hard time understanding it thoroughly.
I was reading articles about it online and some of them say that it is not required for a static website.
https://csp.withgoogle.com/docs/why-csp.html
https://reesmorris.co.uk/blog/implementing-proper-csp-nextjs-styled-components
My website is an SSG (automatically generated static HTML +JSON).
The only place where the server is involved is the sitemap.xml file which is handled by (pages/api/sitemap.js). I can't generate it statically because of dynamic URLs coming from Strapi.
I have a cookie consent banner on the website and that is the only cookie I think besides Google Analytics & TruConversion Heatmap cookies. (If this is relevant)
I am planning to have a "contact" page on my website in the future and it will contain the contact form. Probably, the only place where users may input data.
I'll be very thankful to you if you suggest to me that whether I actually need a CSP or not.