This may already be well known, or there may be other better approaches. But I was looking for a way to test content-security-policy on my local dev system, and here’s how I put it together.
- Install a reverse proxy on your local dev machine. I used Caddy, following the advice in this video.
- Set ROOT_URL to
https://your_caddy_url(note the https)
- Launch Meteor with program argument
- Load app in browser at url
https://your_caddy_url(again being sure to include https)