New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: write cspNonce to style tags #16419
Conversation
Run & review this pull request in StackBlitz Codeflow. |
8b92a39
to
96353ba
Compare
/ecosystem-ci run |
📝 Ran ecosystem CI on
✅ analogjs, astro, histoire, ladle, laravel, marko, previewjs, quasar, qwik, rakkas, remix, sveltekit, unocss, vike, vite-plugin-pwa, vite-plugin-react, vite-plugin-react-pages, vite-plugin-react-swc, vite-plugin-svelte, vite-plugin-vue, vite-setup-catalogue, vitepress, vitest |
@thebanjomatic would you resolve the conflicts? We discussed about this in the last team meeting and it was decided to move forward with it in a patch. |
16b9a8c
96353ba
to
16b9a8c
Compare
@patak-dev conflicts are resolved now. Thanks! |
## 5.2.11 (2024-05-02) * feat: improve dynamic import variable failure error message (#16519) ([f8feeea](vitejs/vite@f8feeea)), closes [#16519](vitejs/vite#16519) * fix: dynamic-import-vars plugin normalize path issue (#16518) ([f71ba5b](vitejs/vite@f71ba5b)), closes [#16518](vitejs/vite#16518) * fix: scripts and styles were missing from built HTML on Windows (#16421) ([0e93f58](vitejs/vite@0e93f58)), closes [#16421](vitejs/vite#16421) * fix(deps): update all non-major dependencies (#16488) ([2d50be2](vitejs/vite@2d50be2)), closes [#16488](vitejs/vite#16488) * fix(deps): update all non-major dependencies (#16549) ([2d6a13b](vitejs/vite@2d6a13b)), closes [#16549](vitejs/vite#16549) * fix(dev): watch publicDir explicitly to include it outside the root (#16502) ([4d83eb5](vitejs/vite@4d83eb5)), closes [#16502](vitejs/vite#16502) * fix(preload): skip preload for non-static urls (#16556) ([bb79c9b](vitejs/vite@bb79c9b)), closes [#16556](vitejs/vite#16556) * fix(ssr): handle class declaration and expression name scoping (#16569) ([c071eb3](vitejs/vite@c071eb3)), closes [#16569](vitejs/vite#16569) * fix(ssr): handle function expression name scoping (#16563) ([02db947](vitejs/vite@02db947)), closes [#16563](vitejs/vite#16563) ## 5.2.10 (2024-04-20) * revert: perf: use workspace root for fs cache (#15712) (#16476) ([77e7359](vitejs/vite@77e7359)), closes [#15712](vitejs/vite#15712) [#16476](vitejs/vite#16476) * fix: add base to virtual html (#16442) ([721f94d](vitejs/vite@721f94d)), closes [#16442](vitejs/vite#16442) * fix: adjust esm syntax judgment logic (#16436) ([af72eab](vitejs/vite@af72eab)), closes [#16436](vitejs/vite#16436) * fix: don't add outDirs to watch.ignored if emptyOutDir is false (#16453) ([6a127d6](vitejs/vite@6a127d6)), closes [#16453](vitejs/vite#16453) * fix(cspNonce): don't overwrite existing nonce values (#16415) ([b872635](vitejs/vite@b872635)), closes [#16415](vitejs/vite#16415) * feat: show warning if root is in build.outDir (#16454) ([11444dc](vitejs/vite@11444dc)), closes [#16454](vitejs/vite#16454) * feat: write cspNonce to style tags (#16419) ([8e54bbd](vitejs/vite@8e54bbd)), closes [#16419](vitejs/vite#16419) * chore(deps): update dependency eslint-plugin-n to v17 (#16381) ([6cccef7](vitejs/vite@6cccef7)), closes [#16381](vitejs/vite#16381)
## 5.2.11 (2024-05-02) * feat: improve dynamic import variable failure error message (#16519) ([f8feeea](vitejs/vite@f8feeea)), closes [#16519](vitejs/vite#16519) * fix: dynamic-import-vars plugin normalize path issue (#16518) ([f71ba5b](vitejs/vite@f71ba5b)), closes [#16518](vitejs/vite#16518) * fix: scripts and styles were missing from built HTML on Windows (#16421) ([0e93f58](vitejs/vite@0e93f58)), closes [#16421](vitejs/vite#16421) * fix(deps): update all non-major dependencies (#16488) ([2d50be2](vitejs/vite@2d50be2)), closes [#16488](vitejs/vite#16488) * fix(deps): update all non-major dependencies (#16549) ([2d6a13b](vitejs/vite@2d6a13b)), closes [#16549](vitejs/vite#16549) * fix(dev): watch publicDir explicitly to include it outside the root (#16502) ([4d83eb5](vitejs/vite@4d83eb5)), closes [#16502](vitejs/vite#16502) * fix(preload): skip preload for non-static urls (#16556) ([bb79c9b](vitejs/vite@bb79c9b)), closes [#16556](vitejs/vite#16556) * fix(ssr): handle class declaration and expression name scoping (#16569) ([c071eb3](vitejs/vite@c071eb3)), closes [#16569](vitejs/vite#16569) * fix(ssr): handle function expression name scoping (#16563) ([02db947](vitejs/vite@02db947)), closes [#16563](vitejs/vite#16563) ## 5.2.10 (2024-04-20) * revert: perf: use workspace root for fs cache (#15712) (#16476) ([77e7359](vitejs/vite@77e7359)), closes [#15712](vitejs/vite#15712) [#16476](vitejs/vite#16476) * fix: add base to virtual html (#16442) ([721f94d](vitejs/vite@721f94d)), closes [#16442](vitejs/vite#16442) * fix: adjust esm syntax judgment logic (#16436) ([af72eab](vitejs/vite@af72eab)), closes [#16436](vitejs/vite#16436) * fix: don't add outDirs to watch.ignored if emptyOutDir is false (#16453) ([6a127d6](vitejs/vite@6a127d6)), closes [#16453](vitejs/vite#16453) * fix(cspNonce): don't overwrite existing nonce values (#16415) ([b872635](vitejs/vite@b872635)), closes [#16415](vitejs/vite#16415) * feat: show warning if root is in build.outDir (#16454) ([11444dc](vitejs/vite@11444dc)), closes [#16454](vitejs/vite#16454) * feat: write cspNonce to style tags (#16419) ([8e54bbd](vitejs/vite@8e54bbd)), closes [#16419](vitejs/vite#16419) * chore(deps): update dependency eslint-plugin-n to v17 (#16381) ([6cccef7](vitejs/vite@6cccef7)), closes [#16381](vitejs/vite#16381)
Description
Split off from #16415. This PR will set the nonce attribute for any inline <style> tags in the html if
html.cspNonce
is set. This probably shouldn't be merged until #16415 gets merged to avoid writing a second nonce attribute for any existing <style nonce=""> tags, otherwise this change would be breaking.See comment from @sapphi-red