STCLI-286 - Add static CSP capabilities to stripes-cli #404

Open
JohnC-80 wants to merge 4 commits into main from STCLI-286
JohnC-80 commented Jul 2, 2026

Contributor

STCLI-286

This will allow you to try out a Content-Security-Policy header locally via `stripes serve --existingBuild` functionality...

Serving an existing build is the suggested way to do this, as it's closest to what's going to be happening in production; otherwise, other values have to be added to account for the bundler's way of providing scripts through its dev server.

Usage:

Have your CSP content in a text file, e.g. csp.txt:

```
default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
```

Build a platform, then serve it with the `--existingBuild` flag (build defaults to ./output):

```
yarn stripes serve --existingBuild ./output --csp-file ./csp.txt
```

The CSP is served as a Content-Security-Policy-Read-Only header and will report in the browser console.

JohnC-80 requested a review from a team as a code owner July 2, 2026 21:22
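
A pre-flight check for the policy file before serving it, as an added example that is not part of this pull request or of stripes-cli: it parses the csp.txt content from the description, flags sources that weaken the policy, and collapses the text to a single-line value for the standard Content-Security-Policy-Report-Only header. The function names and the choice of checks are assumptions of the example.

```javascript
// Added example; function names and the chosen checks are assumptions, not stripes-cli code.
// Constructed sample: the csp.txt content shown in the PR description, plus a trailing newline.
const SAMPLE_POLICY =
  "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;\n";

// Split policy text into directives. Per the CSP spec, a repeated directive
// name is ignored by the browser, so only the first occurrence is kept.
function parseCsp(text) {
  const directives = new Map();
  const duplicates = [];
  for (const chunk of text.split(';')) {
    const tokens = chunk.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue; // trailing ';' or blank line in the file
    const name = tokens[0].toLowerCase();
    if (directives.has(name)) duplicates.push(name);
    else directives.set(name, tokens.slice(1));
  }
  return { directives, duplicates };
}

// Return human-readable findings for settings that weaken the policy.
function lintCsp(text) {
  const { directives, duplicates } = parseCsp(text);
  const findings = duplicates.map((name) => `duplicate ${name} is ignored`);
  // script-src falls back to default-src when it is absent.
  const scripts = directives.get('script-src') || directives.get('default-src');
  if (!scripts) findings.push('no script-src or default-src: script loading is unrestricted');
  else if (scripts.includes('data:')) findings.push('scripts may load from data: URLs');
  for (const [name, sources] of directives) {
    for (const source of sources) {
      if (["'unsafe-inline'", "'unsafe-eval'", '*'].includes(source)) {
        findings.push(`${name} allows ${source}`);
      }
    }
  }
  return findings;
}

// Collapse the file content to a single-line value (header values cannot
// contain line breaks) and pair it with the report-only header name.
function toReportOnlyHeader(text) {
  const { directives } = parseCsp(text);
  const value = [...directives]
    .map(([name, sources]) => [name, ...sources].join(' '))
    .join('; ');
  return { name: 'Content-Security-Policy-Report-Only', value };
}

console.log(toReportOnlyHeader(SAMPLE_POLICY), lintCsp(SAMPLE_POLICY));
```

In report-only mode the browser logs violations without blocking anything, so a lint pass like this catches policy mistakes that would otherwise surface only once the policy is enforced.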
github-actions Bot commented Jul 2, 2026

Jest Unit Test Results

0 tests  ±0   0 ✅ ±0   0s ⏱️ ±0s
0 suites ±0   0 💤 ±0 
0 files   ±0   0 ❌ ±0 

Results for commit 3b137c0. ± Comparison against base commit 75983b9.

♻️ This comment has been updated with latest results.

sonarqubecloud Bot commented Jul 2, 2026

Quality Gate failed

Failed conditions
0.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud
