Baroshem / nuxt-security

🛡 Automatically configure your app to follow OWASP security patterns and principles by using HTTP Headers and Middleware
https://nuxt-security.vercel.app/
MIT License
737 stars 56 forks

feat(csp): support style nonce in development #475

Open dargmuesli opened 2 weeks ago

dargmuesli commented 2 weeks ago

Description

Allows using the "'nonce-{{nonce}}'" placeholder in the style-src policy in development. Resolves discussion #454.

Checklist:

Not sure how to run tests for development mode.

vercel[bot] commented 2 weeks ago

The latest updates on your projects.

| Name | Status | Updated (UTC) |
| --- | --- | --- |
| nuxt-security | ✅ Ready | Jun 12, 2024 10:08am |

dargmuesli commented 2 weeks ago

@vejja @GalacticHypernova would you be so kind as to review? :pray:

dargmuesli commented 2 weeks ago

I've tested this change in my projects and it works fine. Without this change, having a nonce in style-src results in [image]. With this change there is no such error in development any more :partying_face:

GalacticHypernova commented 2 weeks ago

Seems good to me at first glance, will do some local testing soon. Thanks for making this PR! I was planning on making it but got a little busy with life.