provide nice documentation

[nibtime]

Motivation

Both as a reference for frontend web security for me on top of the lib and for ppl who somehow find this lib and want to use it.

Docs website

https://nextra.vercel.app/ seems really nice for that. Plus, it can be an additional test for the package as is a Next.JS.

Rough Structure

The most ground is already covered in README, which should be made terser when docs site exists.

• Why
• Get Started
• Features
  • Base Configuration of Security Headers with next-safe
  • Strict CSP for hybrid apps
  • Inline Styles in CSP without 'unsafe-inline'
  • CSP Violation Reporting
• Middleware
  • Composing middlewares (chain)
  • Available middlewares
  • nextSafe
  • strictDynamic
  • strictInlineStyles
  • reporting
• Recipies
  • Set up CSP violation reporting with Sentry
• Advanced
  • The fundamental problems of allowlist CSPs

update JSDoc

for nice in-IDE documentation with IntelliSense

• fix typos
• place docs of middleware above withDefaultConfig so it appears in IntelliSense when imported
• describe parameters, return values, and properties were missing and not self-explanatory by name.

Setup MDX docs with Nextra

• intialize docs project
• configure with Next 12.2 middleware and strict CSP so it's itself an e2e test

Additional Resources

• https://kit.svelte.dev/docs/configuration#csp (really good framework integration with extensive typing)
• Content Security Policy support sveltejs/kit#93 (detailed discussion about CSP framework integration that gives many insights)
• https://book.hacktricks.xyz/pentesting-web/content-security-policy-csp-bypass (great resource for the attackers perpective)
• https://web.dev/strict-csp/
• https://github.com/google/strict-csp
• https://nuxtjs.org/docs/configuration-glossary/configuration-render/#csp (provide a real-world CSP sample in docs)