search

nibtime / next-safe-middleware

Strict CSP (Content-Security-Policy) for Next.js hybrid apps https://web.dev/strict-csp/
https://next-safe-middleware.vercel.app
MIT License
78 stars 20 forks source link

Fix require-trusted-types-for #76

Open dragonbear-os opened 1 year ago

dragonbear-os commented 1 year ago

This is a fix for #75

I added "script" to the set of literal directive values and added a test for it.

I couldn't get the tests to run without using --runInBand which runs all the tests in a single thread which exposed that empty was getting reused across tests. So I changed the uses of empty to create a new object rather than use the one shared constant.

changeset-bot[bot] commented 1 year ago

🦋 Changeset detected

Latest commit: fa7c4b0169164610aabe6cc2800d59645007f091

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 4 packages | Name | Type | | --------------------- | ----- | | @strict-csp/builder | Patch | | @next-safe/middleware | Patch | | docs | Patch | | e2e | Patch |

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

vercel[bot] commented 1 year ago

Someone is attempting to deploy a commit to a Personal Account owned by @nibtime on Vercel.

@nibtime first needs to authorize it.

vercel[bot] commented 1 year ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated
docs-next-safe-middleware ✅ Ready (Inspect) Visit Preview Sep 15, 2022 at 6:02PM (UTC)
danfsd commented 1 year ago

@nibtime can you please check this one?

danfsd commented 1 year ago

It looks like @nibtime is unresponsive... @boennemann could you take a look into this PR?

I need require-trusted-types-for to work for an incoming audit and this PR made it work for me