Content Security Policy
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks.
Nalth automatically generates a strict CSP for your application.
Development Mode
In dev, Nalth uses a relaxed policy that allows for hot module replacement (HMR) but still blocks obvious violations. We use a nonce-based approach to allow scripts.
Production Mode
In production, Nalth generates a strict policy. It either hashes your inline scripts and styles (SSRI) or uses nonces, so that only code you authored runs.
Header Example
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-random123';