fix(CSP): nonce support #11958

Closed

@maccuaa maccuaa commented Feb 6, 2023

Description

Currently, if you include a nonce attribute on script or style tags in your html file, Vite will strip it out. See discussion #5218

This PR adds a new build option for specifying a nonce placeholder. If specified, script and link tags will include the nonce placeholder in the generated HTML. This allows applications to support nonces in their Content Security Policy.

Fixes #9719

The downside of this PR is it includes yet another option to the build config which goes against the Think Before Adding Yet Another Option section of the PR guide.

Ideally, this could be achieved by just not stripping out the nonce tag when building your app.

Related PRs


What is the purpose of this pull request?

  • Bug fix
  • New Feature
  • Documentation update
  • Other

Before submitting the PR, please make sure you do the following

  • Read the Contributing Guidelines.
  • Read the Pull Request Guidelines and follow the PR Title Convention.
  • Check that there isn't already a PR that solves the problem the same way to avoid creating a duplicate.
  • Provide a description in this PR that addresses what the PR is solving, or reference the issue that it solves (e.g. fixes #123).
  • Ideally, include relevant tests that fail without this PR but pass with it.
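
The serving side of the nonce placeholder described above, as an added example that is not part of the PR or of Vite: the server swaps the placeholder in the built HTML for a fresh nonce on every response and sends the matching Content-Security-Policy header. The placeholder string `__CSP_NONCE__`, the function names, the sample HTML and the policy are assumptions made for this sketch.

```javascript
// Added example, not Vite's code. Node.js, no dependencies.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Assumption: hypothetical placeholder string chosen in the build config.
const NONCE_PLACEHOLDER = '__CSP_NONCE__';

// Constructed sample of built HTML carrying the placeholder.
const SAMPLE_BUILT_HTML = [
  '<!doctype html><html><head>',
  '<script type="module" nonce="__CSP_NONCE__" src="/assets/index.js"></script>',
  '<link rel="stylesheet" nonce="__CSP_NONCE__" href="/assets/index.css">',
  '</head><body><div id="app"></div></body></html>',
].join('\n');

// 128 random bits, base64-encoded; generated fresh for every response.
function newNonce() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(16));
  return Buffer.from(bytes).toString('base64');
}

// Returns the HTML body and headers for ONE response.
function applyNonce(builtHtml, placeholder = NONCE_PLACEHOLDER, nonce = newNonce()) {
  const attr = `nonce="${placeholder}"`;
  if (!builtHtml.includes(attr)) {
    // Build and server disagree on the placeholder: surface it instead of
    // serving a page whose tags the policy would block.
    throw new Error('nonce placeholder not found in built HTML');
  }
  // Replace only inside nonce attributes, so the live nonce is never
  // written anywhere else in the page.
  const html = builtHtml.split(attr).join(`nonce="${nonce}"`);
  if (html.includes(placeholder)) {
    throw new Error('placeholder left outside a nonce attribute');
  }
  return {
    html,
    headers: {
      'Content-Security-Policy':
        `default-src 'self'; script-src 'nonce-${nonce}'; style-src 'nonce-${nonce}'`,
      // A cached copy would replay the same nonce to later visitors.
      'Cache-Control': 'no-store',
    },
  };
}
```

Call `applyNonce` inside the request handler, never once at startup: a nonce that is reused across responses no longer distinguishes the server's own tags from injected ones.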

holtolee commented May 3, 2023

@maccuaa hello, can you resolve conflicts and this
image

to maybe merge faster ? 🤔

Thank you for your work 👌🏻

@Niputi Niputi changed the title Nonce support (fixes #9719) fix(CSP): Nonce support May 3, 2023
@Niputi Niputi changed the title fix(CSP): Nonce support fix(CSP): nonce support May 3, 2023
@Niputi Niputi added the p2-nice-to-have Not breaking anything but nice to have (priority) label May 3, 2023
@maccuaa maccuaa force-pushed the nonce-support branch 2 times, most recently from 9049c92 to 0c6b3c7 Compare May 7, 2023 17:52

maccuaa commented May 7, 2023

> @maccuaa hello, can you resolve conflicts and this image
>
> to maybe merge faster ? 🤔
>
> Thank you for your work 👌🏻

Done!

add support for including a nonce placeholder in html script and link tags
Successfully merging this pull request may close these issues.

nonce tag in __vitePreload (CSP)