Baroshem / nuxt-security

🛡 Automatically configure your app to follow OWASP security patterns and principles by using HTTP Headers and Middleware
https://nuxt-security.vercel.app/
MIT License

Default CSP crashing site for scripts injected after hydration #480

Closed moshetanzer closed 1 week ago

moshetanzer commented 1 week ago

Version

nuxt-security: nuxt:

Reproduction Link

Hi,

For some reason it seems like scripts being injected after hydration are crashing the site due to a hash mismatch with the CSP default settings? Does this make sense?

vejja commented 1 week ago

It doesn't make sense if you inject scripts with our recommended method, which is useScript, or alternatively useHead. Can you share a bit more detail on how you inject scripts after hydration?

moshetanzer commented 1 week ago

https://github.com/Baroshem/nuxt-security/issues/482

Misdiagnosed. But the above is exactly my issue.