sheetsj’s avatarsheetsj’s Twitter Archive—№ 3,355

              1. Who knew setting a strict Content Security Policy would be so hard to do when using a library dependent on CSS-in-JS like Material-UI?
                Permalink On twitter.com Twitter logo sheetsj’s avatar ♻️ 1 Retweets ❤️ 2 Favorites Mood +1 🙂
            1. …in reply to @sheetsj
              In short, you must set a nonce in a header, and provide it in the served index.html file material-ui.com/css-in-js/advanced/#content-security-policy-csp
              Permalink On twitter.com Twitter logo sheetsj’s avatar Mood 0
          1. …in reply to @sheetsj
            When using AWS S3 + Cloudfront that means using a Lambda@Edge script to set the header aws.amazon.com/blogs/networking-and-content-delivery/adding-http-security-headers-using-lambdaedge-and-amazon-cloudfront/
            Permalink On twitter.com Twitter logo sheetsj’s avatar Mood 0
        1. …in reply to @sheetsj
          But injecting a nonce into the rendered html isn’t currently easily possible with Lambda@Edge. You must get hacky engineering.dubsmash.com/how-dubsmash-uses-lambda-edge-to-serve-dynamic-spa-using-s3-1ba865d34512
          Permalink On twitter.com Twitter logo sheetsj’s avatar Mood 0
      1. …in reply to @sheetsj
        All of this to get an A rating on observatory.mozilla.org/
        Permalink On twitter.com Twitter logo sheetsj’s avatar Mood 0
    1. …in reply to @sheetsj
      Nothing really custom in there though — its all pretty generic
      Permalink On twitter.com Twitter logo sheetsj’s avatar Mood +1 🙂
  1. …in reply to @sheetsj
    Would be great for web security if @awscloud added this feature enabled by a checkbox config in @cloudfront
    On twitter.com Twitter logo sheetsj’s avatar ❤️ 1 Favorite Mood +3 🙂
    1. …in reply to @sheetsj
      Unless the @QuinnyPig or @jeremy_daly twitterverse knows of an existing easy serverless way?
      Permalink On twitter.com Twitter logo sheetsj’s avatar Mood +1 🙂