feat(csp): support generating nonce for scripts and links in ssr #9621

Merged
merged 4 commits into from Jun 7, 2023

clarkdo
Member

@clarkdo clarkdo commented Aug 2, 2021

Types of changes

  • Bug fix (a non-breaking change which fixes an issue)
  • New feature (a non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Description

Related to #7451

In some CSP cases, such as when using strict-dynamic, resources on the self domain may also be disallowed from loading, so this PR adds an option generateNonce on CSP for generating a cryptographic nonce for the CSP header and HTML resource tags.

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly. (PR: #)
  • I have added tests to cover my changes (if not applicable, please state why)
  • All new and existing tests are passing.

@clarkdo clarkdo requested review from a team, Atinux, pi0 and danielroe and removed request for a team August 2, 2021 14:10
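
An added example (not the PR's or Nuxt's own code) of the mechanism the description names: one random nonce per response, placed in both the CSP header and the script and link tags the renderer itself emits. The function names, the extra policy directives and the sample data are assumptions made for illustration.

```javascript
// Hypothetical helper names throughout; none of this is Nuxt's API.
const { randomBytes } = require('node:crypto')

// 128 bits from the CSPRNG, base64-encoded. Must be fresh for every response.
function createNonce () {
  return randomBytes(16).toString('base64')
}

// With 'strict-dynamic', supporting browsers ignore host sources and 'self',
// so a script loads only if it carries the nonce or is loaded by one that does.
function buildCspHeader (nonce) {
  return [
    `script-src 'nonce-${nonce}' 'strict-dynamic'`,
    "object-src 'none'",
    "base-uri 'none'"
  ].join('; ')
}

const escapeAttr = s =>
  String(s).replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;')

// Tags are built from the renderer's own resource list, so only those tags
// receive the nonce. Markup inside page content is never rewritten.
function renderResourceTags (resources, nonce) {
  return resources.map(({ type, src }) => {
    const url = escapeAttr(src)
    return type === 'preload'
      ? `<link rel="preload" as="script" href="${url}" nonce="${nonce}">`
      : `<script src="${url}" nonce="${nonce}" defer></script>`
  }).join('\n')
}

// One response: the same nonce goes into the header and the emitted tags.
function renderPage (resources, bodyHtml) {
  const nonce = createNonce()
  const tags = renderResourceTags(resources, nonce)
  return {
    nonce,
    headers: { 'Content-Security-Policy': buildCspHeader(nonce) },
    html: `<!doctype html><html><head>${tags}</head><body>${bodyHtml}</body></html>`
  }
}

// Constructed sample input (not taken from the PR).
const SAMPLE_RESOURCES = [
  { type: 'preload', src: '/_nuxt/app.js' },
  { type: 'script', src: '/_nuxt/app.js' }
]
const SAMPLE_BODY = '<div id="app"><script>/* from page content */</script></div>'
```

The script tag inside `SAMPLE_BODY` comes out without a nonce, so under this policy the browser refuses to run it; adding the nonce by rewriting the finished HTML would lose that property.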
@codecov-commenter

Codecov Report

Merging #9621 (8788bf1) into dev (a3b2fd8) will decrease coverage by 0.12%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##              dev    #9621      +/-   ##
==========================================
- Coverage   65.15%   65.03%   -0.13%     
==========================================
  Files          94       94              
  Lines        4107     4115       +8     
  Branches     1126     1130       +4     
==========================================
  Hits         2676     2676              
- Misses       1152     1156       +4     
- Partials      279      283       +4     
Flag Coverage Δ
unittests 65.03% <0.00%> (-0.13%) ⬇️

Impacted Files Coverage Δ
packages/config/src/options.js 95.83% <ø> (ø)
packages/vue-renderer/src/renderers/ssr.js 0.00% <0.00%> (ø)


@danielroe
Member

Sorry for the long delay in merging this!

@danielroe danielroe merged commit 89204f0 into 2.x Jun 7, 2023
13 checks passed
@danielroe danielroe deleted the feat/nonce branch June 7, 2023 19:10
@danielroe danielroe mentioned this pull request Jun 9, 2023