Forward CSP Headers set with HelmetJS

Support
1

Hello,

I’m deploying my SapperJs website on Netlify.

I wanted to apply good security practices by settings headers but the framework is using inline js and eval. To set headers, they recommend to use HelmetJs and add a nonce: Docs • Sapper

After doing that, it was working on local but saw that Netlify block my configuration for his own configuration: Custom headers | Netlify Docs

I was wondering how to bypass the Netlify configuration and allow it to forward was I set with HelmetJS.

Thanks for your help !

2

Hi @brainlulz, you can pass your own custom headers by setting them in a _headers file or a netlify.toml. You can’t set headers from within your site’s JS. The example on the sapper site is using express.js to set the header, but that isn’t the case here.