Forward CSP Headers set with HelmetJS

Hello,

I’m deploying my SapperJs website on Netlify.

I wanted to apply good security practices by setting headers, but the framework is using inline JS and eval. To set headers, they recommend using HelmetJs and adding a nonce: https://sapper.svelte.dev/docs#Content_Security_Policy_CSP

After doing that, it was working locally, but I saw that Netlify blocks my configuration for its own configuration: https://docs.netlify.com/routing/headers/

I was wondering how to bypass the Netlify configuration and allow it to forward what I set with HelmetJS.

Thanks for your help!

Hi @brainlulz, you can pass your own custom headers by setting them in a _headers file or a netlify.toml. You can’t set headers from within your site’s JS. The example on the sapper site is using express.js to set the header, but that isn’t the case here.
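
Added example (not part of the thread, and not Netlify's or Sapper's own code): a `_headers` file is static, so it cannot carry a per-request nonce; for pre-rendered pages, one option is a build step that lists CSP hashes of each page's inline scripts instead. The policy, sample pages and function names below are constructed, and the regex-based script extraction is a simplification of real HTML parsing.

```javascript
// Build-time sketch: emit Netlify _headers entries whose CSP allows each
// page's inline scripts by SHA-256 hash instead of a per-request nonce.
const { createHash } = require('node:crypto');

// Return the CSP hash sources for every inline <script> in an HTML string.
// Scripts with a src attribute are external and are covered by 'self'.
function inlineScriptHashes(html) {
  const sources = new Set(); // identical scripts need only one entry
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const [, attrs, body] of html.matchAll(re)) {
    if (/\bsrc\s*=/i.test(attrs) || body === '') continue;
    // The browser hashes the exact script text, whitespace included.
    const digest = createHash('sha256').update(body, 'utf8').digest('base64');
    sources.add(`'sha256-${digest}'`);
  }
  return [...sources];
}

// Render a _headers file: one path line, then indented "Header: value" lines.
// pages maps a URL path to the HTML that will be served for it.
function buildHeadersFile(pages) {
  return Object.entries(pages)
    .map(([path, html]) => {
      const scriptSrc = ["'self'", ...inlineScriptHashes(html)].join(' ');
      // Constructed baseline policy; adjust the directives to the site.
      const csp =
        `default-src 'self'; script-src ${scriptSrc}; ` +
        `object-src 'none'; base-uri 'self'`;
      return `${path}\n  Content-Security-Policy: ${csp}\n`;
    })
    .join('\n');
}

// Constructed sample pages standing in for an exported site.
const samplePages = {
  '/': '<html><head><script>window.__APP__={page:"home"}</script>' +
       '<script src="/client/main.js"></script></head></html>',
  '/about': '<html><head><script>window.__APP__={page:"about"}</script>' +
            '</head></html>',
};

console.log(buildHeadersFile(samplePages));
```

A hash only matches if the inline script is byte-for-byte identical to what was hashed at build time, so the file has to be regenerated on every build.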