UNPKG

react-router

Version:

Declarative routing for React

github.com/remix-run/react-router

remix-run/react-router

31 lines (22 loc) 1.43 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
--- title: Security --- # Security [MODES: framework] <br/> <br/> This is by no means a comprehensive guide, but React Router provides features to help address a few aspects under the _very large_ umbrella that is _Security_. ## `Content-Security-Policy` If you are implementing a [Content-Security-Policy (CSP)][csp] in your application, specifically one using the `unsafe-inline` directive, you will need to specify a [`nonce`][nonce] attribute on the inline `<script>` elements rendered in your HTML. This must be specified on any API that generates inline scripts, including: - [`<Scripts nonce>`][scripts] (`root.tsx`) - [`<ScrollRestoration nonce>`][scrollrestoration] (`root.tsx`) - [`<ServerRouter nonce>`][serverrouter] (`entry.server.tsx`) - [`renderToPipeableStream(..., { nonce })`][renderToPipeableStream] (`entry.server.tsx`) - [`renderToReadableStream(..., { nonce })`][renderToReadableStream] (`entry.server.tsx`) [csp]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP [nonce]: https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/nonce [renderToPipeableStream]: https://react.dev/reference/react-dom/server/renderToPipeableStream [renderToReadableStream]: https://react.dev/reference/react-dom/server/renderToReadableStream [scripts]: ../api/components/Scripts [scrollrestoration]: ../api/components/ScrollRestoration [serverrouter]: ../api/framework-routers/ServerRouter