Reputation: 446
Can a Content Security Policy be set for the SPA mode of NUXT
I'm creating a site using Nuxt and I'm trying to set the CSP for the site. I am setting this via the csp property in the nuxt.config.js file.
My understanding of CSPs is that it is a header that is set by the hosting server. I know you can set them as a meta tag in HTML but I wish to set a report-URI for the policy.
Now I'm using the spa mode for Nuxt, so my thinking is that this csp setting is only for the SSR mode which would make sense. I can not find anywhere in the docs that explicitly says it's unavailable for a certain mode. Link to Docs
I'm trying to find out whether it's possible to set this via the config file as I would prefer to do this instead of setting this on the hosting server.
Has anyone come across this in their experience with Nuxt? Any insight into this would be much appreciated
Upvotes: 2
Views: 1169
Answers (1)
Reputation: 1099
No, you can't use Nuxt for this in SPA mode. Nuxt in SPA mode is just a bunch of static files and doesn't concern itself with the actual HTTP response.
Upvotes: 1
Related Questions
- Content Security Policy in Nuxt.js
- Can we use Nuxt as SPA only?
- Refused to load the script CSP
- Change Nuxt.js SPA mode to Universal mode
- Nuxt + Vuetify using Content Security Policy (CSP) header inline styling
- Content Security Policy nuxtjs embedding youtube videos
- CSP Setting in NUXT
- Content Security Policy reject XSS attacks in v-html
- Create SPA in Nuxt.js
- how to configure csp in nuxt