Vite CSP support #454
Replies: 1 comment 9 replies
-
|
Hey @dargmuesli Thanks for this interesting idea! I like where this js going but I would wait for @vejja who is our expert in this area to share his feedback :) |
Beta Was this translation helpful? Give feedback.
-
|
Well, we recently removed the cheerios in favor of regular regexp so I am not sure. Maybe @GalacticHypernova or @vejja would be able to answer it better. And no worries about that. We can come back to this topic after the event and thesis. Thanks for letting us know. I also do have some time consuming activities in the schedule so completely understand :D |
Beta Was this translation helpful? Give feedback.
-
|
What is the priority of this meta tag, if it has a priority? If it just needs to be somewhere in the head we can easily just push it, regardless of cheerio |
Beta Was this translation helpful? Give feedback.
-
|
Afaik it can go anywhere in |
Beta Was this translation helpful? Give feedback.
-
|
Well then that's very easy to implement! html.head.push(`<meta property="csp-nonce" nonce="{the nonce}">`) |
Beta Was this translation helpful? Give feedback.
-
|
Created PR #475 |
Beta Was this translation helpful? Give feedback.
-
Hey @vejja,
I think we can add a meta header that resolves issues with Vite and CSP now:
property="csp-nonce" nonce="..."(docs)maybe in a style similar to this: https://github.com/Baroshem/nuxt-security/blob/8305b48079dc7c0ef83a16d3f6de24dfc41e563b/src/runtime/nitro/plugins/60-cspSsgHashes.ts#L108
I haven't used cheerio before, therefore I'm not sure.
https://github.com/Baroshem/nuxt-security/blob/8305b48079dc7c0ef83a16d3f6de24dfc41e563b/docs/content/1.documentation/2.headers/1.csp.md?plain=1#L222
What do you think? 🎉
cc @Baroshem of course
Beta Was this translation helpful? Give feedback.
All reactions