netlify / plugin-csp-nonce

Build plugin to use a nonce for the script-src directive of your site's Content Security Policy.
https://csp-nonce.netlify.app

Recently stopped working - related to Netlify extensions release? #82

Open ryangittings opened 1 month ago

ryangittings commented 1 month ago

Hi,

I have the following config in netlify.toml:

[[plugins]]
  package = "@netlify/plugin-csp-nonce"

  [plugins.inputs]
    reportOnly = false
    excludedPath = [
      "/geo"
    ]

No matter what I do, the deployed version uses content-security-policy-report-only, and therefore breaks the CSP. My existing CSP in headers is Content-Security-Policy, therefore all the new nonce'd inline don't work... This suddenly stopped working recently, which is odd...

ehsaan-changa commented 4 weeks ago

Hey,

For me nothing is working. Even this "x-debug-csp-nonce", "invoked" header is not getting set. I have the below config in netlify.toml:

[[plugins]]
  package = "@netlify/plugin-csp-nonce"

  [plugins.inputs]
    reportOnly = false
    excludedPath = [
      "/api/*",
    ]

I think the package is not working anymore. Is it so?

ryangittings commented 3 weeks ago

FYI the fix for me was to remove the integration via the UI.

ehsaan-changa commented 3 weeks ago

@ryangittings, sorry, I can't get you. Can you please explain?

ryangittings commented 3 weeks ago

Go to Home -> Extensions then remove the CSP plugin (that's what worked for me).

ehsaan-changa commented 3 weeks ago

What home? Actually I don't have any extensions installed. I just did it via the npm package.

There are two ways of doing it. One is via Netlify configuration and the 2nd is via the npm plugin. I chose the 2nd one and it's not working.
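
A header check for the two symptoms reported in this thread (the nonce arriving in content-security-policy-report-only instead of Content-Security-Policy, and the "x-debug-csp-nonce", "invoked" header not being set), as an added example that is not part of the thread or the plugin's own code. The function names and the sample header values are assumptions constructed for illustration.

```javascript
// Added example; header values below are constructed, not captured from a real deploy.
const ENFORCE = "content-security-policy";
const REPORT_ONLY = "content-security-policy-report-only";

// Return the source list of script-src (falling back to default-src), or null.
function scriptSources(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...values] = part.trim().split(/\s+/);
    // CSP keeps the first occurrence of a duplicated directive.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), values);
    }
  }
  return directives.get("script-src") ?? directives.get("default-src") ?? null;
}

const hasNonce = (sources) =>
  Array.isArray(sources) && sources.some((s) => /^'nonce-[A-Za-z0-9+/_-]+={0,2}'$/.test(s));

function diagnose(rawHeaders) {
  const headers = {};
  for (const [k, v] of Object.entries(rawHeaders)) headers[k.toLowerCase()] = v;

  const enforced = headers[ENFORCE] ? scriptSources(headers[ENFORCE]) : null;
  const reported = headers[REPORT_ONLY] ? scriptSources(headers[REPORT_ONLY]) : null;
  const result = {
    pluginInvoked: headers["x-debug-csp-nonce"] === "invoked", // header named in the thread
    nonceEnforced: hasNonce(enforced),
    nonceReportOnly: hasNonce(reported),
  };
  // An enforcing script-src with no nonce and no 'unsafe-inline' blocks inline
  // scripts even when a report-only policy alongside it carries a nonce.
  // (Hash sources are not considered in this check.)
  result.inlineBlocked =
    enforced !== null && !result.nonceEnforced && !enforced.includes("'unsafe-inline'");
  return result;
}

// Constructed sample matching the first report: nonce only in the report-only header.
const sampleReportOnly = {
  "Content-Security-Policy": "default-src 'self'; script-src 'self'",
  "Content-Security-Policy-Report-Only": "script-src 'nonce-Y29uc3RydWN0ZWQ=' 'strict-dynamic'",
  "x-debug-csp-nonce": "invoked",
};
console.log(diagnose(sampleReportOnly));
```

Feeding it the response headers of a deployed page separates "plugin did not run" (pluginInvoked false) from "plugin ran but the nonce landed in the report-only policy" (nonceReportOnly true, inlineBlocked true).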