Testing CSP on Local Dev System

This may already be well known, or there may be other better approaches. But I was looking for a way to test content-security-policy on my local dev system, and here’s how I put it together.

  • Install a reverse proxy on your local dev machine. I used Caddy, following the advice in this video.
  • Set ROOT_URL to https://your_caddy_url (note the https)
  • Launch Meteor with program argument --production
  • Load app in browser at url https://your_caddy_url (again being sure to include https)
1 Like