fix(csp): ensure charset meta at top of head

vejja commented 1 month ago

Closes #444

Types of changes

[x] Bug fix (a non-breaking change which fixes an issue)
[ ] New feature (a non-breaking change which adds functionality)
[ ] Breaking change (fix or feature that would cause existing functionality to change)

Currently we insert the CSP meta tag as the first element, to make sure it is read by the UA as soon as possible.

However the W3C spec for HTML5 mentions that the charset meta tag should be the first in head

This PR ensures that the CSP meta tag is inserted right after the charset meta tag, if it exists.

[ ] My change requires a change to the documentation.
[ ] I have updated the documentation accordingly.
[x] I have added tests to cover my changes (if not applicable, please state why)

vercel[bot] commented 1 month ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
nuxt-security	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	May 10, 2024 1:52pm

vejja commented 1 month ago

I'm closing #445 in favour of this version, which is v2-compatible

uses the recombineHtml step to generate meta instead of the spSsgHashes step
uses regex instead of cheerio, in anticipation of completely dropping cheerio in v2

frederikheld commented 1 month ago

Thank you very much! ♥