Closed cesxhin closed 2 months ago
@cesxhin bug confirmed, can reproduce
Regression introduced by #408 in function setNonceInCsp
Blaming https://github.com/Baroshem/nuxt-security/pull/408/commits/3248ea1933072939a043be345fe9f5740af2fa8b#diff-26212f23d270802b4b1588992c6125c83a6c59a138cc290b0017f01151716a1aR54
Will fix. Thanks for the report.
@Baroshem PR #429 fixes, would you like a temporary patch for this one first?
@vejja
I think we can wait until the release of the next major with your PR.
I want to look at it this week to release preferably on Thursday a new version if that is ok with you :)
Sounds good to me
@cesxhin the regression is on boolean values for 'upgrade-insecure-requests' and 'img-src', which you are trying to set to false. Before we fix on Thursday, you could use { 'img-src': ["'none'"] }, and maybe live with the default for upgrade-insecure-requests?
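The mix of value types discussed in the comment above (boolean false next to array source lists), as an added example that is not nuxt-security's code and not part of the original thread: a CSP header builder that branches on the value type before substituting a nonce. The {{nonce}} placeholder, the function name, and the rule that false omits a directive while true emits it without a value are assumptions made for illustration.

```javascript
// Added illustration; not nuxt-security's source. Assumed semantics:
//   false -> directive omitted, true -> valueless directive,
//   string or array -> source list; "{{nonce}}" is an assumed placeholder.
const NONCE_PLACEHOLDER = "{{nonce}}";

function buildCspHeader(policy, nonce) {
  // Reject anything that is not base64/base64url text, so a nonce can
  // never carry ";" or quotes into the header and add extra directives.
  if (typeof nonce !== "string" || !/^[A-Za-z0-9+\/_-]+={0,2}$/.test(nonce)) {
    throw new TypeError("nonce must be base64 or base64url text");
  }
  const parts = [];
  for (const [directive, value] of Object.entries(policy)) {
    if (value === false || value === undefined) continue; // disabled
    if (value === true) {
      parts.push(directive); // e.g. upgrade-insecure-requests
      continue;
    }
    // Only strings and arrays reach the nonce substitution step.
    const sources = Array.isArray(value) ? value : String(value).split(/\s+/);
    const rendered = sources
      .filter(Boolean)
      .map((s) => s.split(NONCE_PLACEHOLDER).join(nonce));
    if (rendered.length > 0) parts.push(`${directive} ${rendered.join(" ")}`);
  }
  return parts.join("; ");
}

// Constructed sample policy mixing the value types from the thread.
const samplePolicy = {
  "script-src": ["'self'", "'nonce-{{nonce}}'"],
  "img-src": false,
  "upgrade-insecure-requests": false,
  "object-src": "'none'",
};
// Same policy with the workaround value quoted in the thread.
const workaroundPolicy = { ...samplePolicy, "img-src": ["'none'"] };

console.log(buildCspHeader(samplePolicy, "cjRuZDBt"));
console.log(buildCspHeader(workaroundPolicy, "cjRuZDBt"));
```

The two printed headers differ in meaning: omitting img-src leaves images to default-src or unrestricted, while 'none' blocks them outright.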
Thanks for the immediate replies.
For the moment I have set the version to v1.2.2 and I will wait until they release. I'm in no hurry.
Version
nuxt-security: v1.3.2
nuxt: v3.11.2
Reproduction
https://codesandbox.io/p/live/833607a5-4e18-4517-99f3-552549b9b9dd
With code sandbox it would seem to work well but on my PC it doesn't.
I cleaned .nuxt, node_modules and package-lock and reinstalled everything and same result.
I cannot share the entire code which is confidential. This is the nuxt-security configuration:
Steps to reproduce
Set any value inside contentSecurityPolicy.
What is Expected?
No errors shown for script-src and hash validation.
What is actually happening?
Errors are shown for script-src and hash validation.