CSP Violation Fixes for script-src "Webpack" #1395
Conversation
Also related is #1232 |
@benmccann I have reduced the scope of this PR to just deal with |
This looks to me like it's going to generate |
@benmccann I don't think an empty script tag will be added. I verified it as well. Attaching the screenshot below. |
Line 296 can give you more context as well https://github.com/sveltejs/sapper/pull/1395/files#diff-9c713b090053bf2158dc7db4484fb401R296 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the explanation! This looks okay to me
Before submitting the PR, please make sure you do the following
'nonce-{nonce}'
in CSP header for script-src prevents execution of main file because of the absence of nonce attribute.npm run lint
!)Tests
npm test
oryarn test
)