Baroshem / nuxt-security

🛡 Automatically configure your app to follow OWASP security patterns and principles by using HTTP Headers and Middleware
https://nuxt-security.vercel.app/
MIT License
808 stars 56 forks

fix(csp): ensure charset meta at top of head #445

Closed vejja closed 4 months ago

vejja commented 4 months ago

Closes #444

Types of changes

Description

Currently we insert the CSP meta tag as the first element, to make sure it is read by the UA as soon as possible.

However, the W3C spec for HTML5 mentions that the charset meta tag should be the first in head.

This PR ensures that the CSP meta tag is inserted right after the charset meta tag, if it exists.

Checklist:
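
The placement rule described in this PR, as an added example that is not part of the PR and is not nuxt-security's own code: the CSP meta tag goes right after the charset meta tag when one exists, otherwise first in head, and a second helper lists which tags the UA parses before the policy applies. The function names, the regexes and the sample head markup are assumptions made for illustration; regex matching does not handle a `>` inside an attribute value.

```javascript
// Added example. Names, regexes and sample markup are hypothetical, not from the project.

// Matches <meta charset=...> and the legacy http-equiv="Content-Type" ...charset=... form.
const CHARSET_META = /<meta\b[^>]*\bcharset\s*=[^>]*>/i;
// Matches a CSP delivered through a meta tag.
const CSP_META = /<meta\b[^>]*http-equiv\s*=\s*["']?Content-Security-Policy["']?[^>]*>/i;

// Escape the policy for use inside a double-quoted attribute.
function escapeAttr(value) {
  return value.replace(/&/g, '&amp;').replace(/"/g, '&quot;');
}

// Insert the CSP meta right after the charset meta if present, else at the top of head.
function insertCspMeta(headInner, policy) {
  const tag = `<meta http-equiv="Content-Security-Policy" content="${escapeAttr(policy)}">`;
  const charset = CHARSET_META.exec(headInner);
  if (!charset) return tag + headInner;
  const end = charset.index + charset[0].length;
  return headInner.slice(0, end) + tag + headInner.slice(end);
}

// Return the names of tags that appear before the CSP meta (null if there is none).
// Anything other than the charset meta in this list is parsed before the policy
// is in effect, so it is worth flagging in a build-time or CI check.
function tagsBeforeCsp(headInner) {
  const csp = CSP_META.exec(headInner);
  if (!csp) return null;
  const before = headInner.slice(0, csp.index);
  return [...before.matchAll(/<([a-z][a-z0-9-]*)\b/gi)].map((m) => m[1].toLowerCase());
}

// Constructed sample input.
const sampleHead = '<meta charset="utf-8"><title>Demo</title><script src="/app.js"></script>';
const patched = insertCspMeta(sampleHead, "script-src 'self'");
console.log(patched);
console.log('tags before CSP:', tagsBeforeCsp(patched));
```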

vercel[bot] commented 4 months ago

The latest updates on your projects.

Name | Status | Updated (UTC)
nuxt-security | ✅ Ready | May 7, 2024 4:05pm

Baroshem commented 4 months ago

@vejja could you please resolve conflicts here? They appeared after merging your second (very big) PR :D

vejja commented 4 months ago

Closing this PR in favour of #449, which is v2 compatible