mirror of
https://github.com/nuxt/nuxt.git
synced 2024-11-26 23:52:06 +00:00
fix(csp): apply right csp header when status code is 304 (#8352)
This commit is contained in:
parent
691f21c683
commit
135456f051
@ -36,6 +36,14 @@ export default ({ options, nuxt, renderRoute, resources }) => async function nux
|
||||
res.statusCode = context.nuxt.error.statusCode || 500
|
||||
}
|
||||
|
||||
if (options.render.csp && cspScriptSrcHashes) {
|
||||
const { allowedSources, policies } = options.render.csp
|
||||
const isReportOnly = !!options.render.csp.reportOnly
|
||||
const cspHeader = isReportOnly ? 'Content-Security-Policy-Report-Only' : 'Content-Security-Policy'
|
||||
|
||||
res.setHeader(cspHeader, getCspString({ cspScriptSrcHashes, allowedSources, policies, isReportOnly }))
|
||||
}
|
||||
|
||||
// Add ETag header
|
||||
if (!error && options.render.etag) {
|
||||
const { hash } = options.render.etag
|
||||
@ -69,14 +77,6 @@ export default ({ options, nuxt, renderRoute, resources }) => async function nux
|
||||
}
|
||||
}
|
||||
|
||||
if (options.render.csp && cspScriptSrcHashes) {
|
||||
const { allowedSources, policies } = options.render.csp
|
||||
const isReportOnly = !!options.render.csp.reportOnly
|
||||
const cspHeader = isReportOnly ? 'Content-Security-Policy-Report-Only' : 'Content-Security-Policy'
|
||||
|
||||
res.setHeader(cspHeader, getCspString({ cspScriptSrcHashes, allowedSources, policies, isReportOnly }))
|
||||
}
|
||||
|
||||
// Send response
|
||||
res.setHeader('Content-Type', 'text/html; charset=utf-8')
|
||||
res.setHeader('Accept-Ranges', 'none') // #3870
|
||||
|
Loading…
Reference in New Issue
Block a user