This may already be well known, or there may be other better approaches. But I was looking for a way to test content-security-policy on my local dev system, and here’s how I put it together.
- Install a reverse proxy on your local dev machine. I used Caddy, following the advice in this video.
- Set ROOT_URL to
https://your_caddy_url(note the https) - Launch Meteor with program argument
--production - Load app in browser at url
https://your_caddy_url(again being sure to include https)