This is by no means a comprehensive guide, but React Router provides features to help address a few aspects under the very large umbrella that is Security.
Content-Security-PolicyIf you are implementing a Content-Security-Policy (CSP) in your application, specifically one using the unsafe-inline directive, you will need to specify a nonce attribute on the inline <script> elements rendered in your HTML. This must be specified on any API that generates inline scripts, including:
<Scripts nonce> (root.tsx)<ScrollRestoration nonce> (root.tsx)<ServerRouter nonce> (entry.server.tsx)renderToPipeableStream(..., { nonce }) (entry.server.tsx)renderToReadableStream(..., { nonce }) (entry.server.tsx)