minor improvements for #2608

This commit is contained in:
Pooya Parsa 2018-01-16 18:41:17 +03:30
parent 5ebf60f2a1
commit 95c85bba62
3 changed files with 11 additions and 7 deletions

View File

@ -306,7 +306,9 @@ Options.defaults = {
weak: false
},
csp: {
allowedSouces: []
enabled: false,
hashAlgorithm: 'sha256',
allowedSources: []
}
},
watchers: {

View File

@ -67,11 +67,12 @@ module.exports = async function nuxtMiddleware(req, res, next) {
res.setHeader('Link', pushAssets.join(','))
}
if (this.options.render.csp.hashAlgorithm) {
let allowedSources = cspScriptSrcHashes.concat(this.options.render.csp.allowedSources)
if (this.options.render.csp && this.options.render.csp.enabled) {
const allowedSources = cspScriptSrcHashes.concat(this.options.render.csp.allowedSources)
res.setHeader(
'Content-Security-Policy',
`script-src 'self' ${(allowedSources || []).join(' ')}`
`script-src 'self' ${(allowedSources).join(' ')}`
)
}

View File

@ -357,11 +357,12 @@ module.exports = class Renderer {
HEAD += context.renderResourceHints()
}
let serializedSession = `window.__NUXT__=${serialize(context.nuxt, {
const serializedSession = `window.__NUXT__=${serialize(context.nuxt, {
isJSON: true
})};`
let cspScriptSrcHashes = []
if (this.options.render.csp.hashAlgorithm) {
const cspScriptSrcHashes = []
if (this.options.render.csp && this.options.render.csp.enabled) {
let hash = crypto.createHash(this.options.render.csp.hashAlgorithm)
hash.update(serializedSession)
cspScriptSrcHashes.push(