Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(csp): hashStyles option #278

Merged
merged 2 commits into from
Nov 9, 2023
Merged

feat(csp): hashStyles option #278

merged 2 commits into from
Nov 9, 2023

Conversation

vejja
Copy link
Collaborator

@vejja vejja commented Nov 3, 2023

Types of changes

  • Bug fix (a non-breaking change which fixes an issue)
  • New feature (a non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

A user must be able to skip adding hashes to the 'style-src' policy
This is because adding even one hash cancels 'unsafe-inline'

Note: this is only for SSG

Description

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes (if not applicable, please state why)

@vercel Vercel
Copy link

vercel bot commented Nov 3, 2023
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
nuxt-security ✅ Ready (Inspect) Visit Preview 💬 Add feedback Nov 9, 2023 11:50am

Baroshem
Baroshem reviewed Nov 3, 2023
View reviewed changes
src/defaultConfig.ts Outdated Show resolved Hide resolved
src/types/index.ts Outdated
@@ -6,6 +6,7 @@ import type { AllowedHTTPMethods, BasicAuth, CorsOptions, RateLimiter, RequestSi

export type Ssg = {
hashScripts?: boolean;
hashStyles?: boolean;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggestion: Could you also please add it to the configuration documentation page where the default config is displayed?

@Baroshem
Copy link
Collaborator

Baroshem commented Nov 7, 2023

@vejja could you please add the recommendations I mentioned? I would love to merge this PR now so that we can plan to release it with the next RC version :)

@vejja
Copy link
Collaborator Author

vejja commented Nov 7, 2023
edited
Loading

Hey @Baroshem : isn't it covered in the CSP section now ?
Edit: sorry, I didn't catch your 2nd comment - will add the default config value now

@vejja
Copy link
Collaborator Author

vejja commented Nov 7, 2023

Let me know if this looks ok?

@Baroshem Baroshem merged commit 5e843b7 into nuxt-modules:chore/1.0.0-rc.4 Nov 9, 2023
2 checks passed
@Baroshem
Copy link
Collaborator

Baroshem commented Nov 9, 2023

Nice work, thank you! :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Baroshem Baroshem Baroshem approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@vejja @Baroshem