Does CloudFlare Pages support CSP?

Greetings, I am using Netlify.

Does CF Pages support setting the Content-Security-Poilcy for a site? Since I am using Single Page Application, I also need setting the Access-Control-Allow-Origin. If it is not set, the internal worker would not be able to access external resources specified in the CSP.

This is a blocking factor for moving from Netlify to CF Pages for me, thanks.

Bump!

Not natively, but you can use a worker to achieve the same thing.

The brand new Security Headers Cloudflare Worker is what I use on my pages sites (albeit with some modifications)

Thanks for reply.
I am waiting for native support. In Netlify (using the free plan now), I just need to specify my rules in a toml file.
Using the CF Worker is more complex and would incur charges.

Are you saying that you’re able to layer your own Worker in front of Pages? I wasn’t sure that was possible, so it’s certainly good to know.

It does now with custom domains, that’s how I have the CSP header on some of my pages sites along with all the other headers like the HSTS header, the X-Frame-Options header and the referrer policy

1 Like

Is an example of one of my pages sites

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.