mirror of
https://github.com/nuxt/nuxt.git
synced 2024-11-27 08:02:01 +00:00
minor improvements for #2608
parent
5ebf60f2a1
commit
95c85bba62
@ -306,7 +306,9 @@ Options.defaults = {
|
||||
weak: false
|
||||
},
|
||||
csp: {
|
||||
allowedSouces: []
|
||||
enabled: false,
|
||||
hashAlgorithm: 'sha256',
|
||||
allowedSources: []
|
||||
}
|
||||
},
|
||||
watchers: {
|
||||
|
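Review bot: The new `enabled: false` default changes how CSP is switched on, and nothing in this defaults block documents it. The other two file sections on this page replace the `csp.hashAlgorithm` check with `csp.enabled`, so a project that previously got the header by setting only `hashAlgorithm` would stop sending `Content-Security-Policy` after upgrading, with no error. I would add a comment above the block such as `// CSP header is sent only when enabled is true; hashAlgorithm alone no longer turns it on`, and mention the change in the release notes. The misspelled `allowedSouces` key is not read by any code visible on this page, so removing it looks safe.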
@ -67,11 +67,12 @@ module.exports = async function nuxtMiddleware(req, res, next) {
|
||||
res.setHeader('Link', pushAssets.join(','))
|
||||
}
|
||||
|
||||
if (this.options.render.csp.hashAlgorithm) {
|
||||
let allowedSources = cspScriptSrcHashes.concat(this.options.render.csp.allowedSources)
|
||||
if (this.options.render.csp && this.options.render.csp.enabled) {
|
||||
const allowedSources = cspScriptSrcHashes.concat(this.options.render.csp.allowedSources)
|
||||
|
||||
res.setHeader(
|
||||
'Content-Security-Policy',
|
||||
`script-src 'self' ${(allowedSources || []).join(' ')}`
|
||||
`script-src 'self' ${(allowedSources).join(' ')}`
|
||||
)
|
||||
}
|
||||
|
||||
|
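Review bot: `cspScriptSrcHashes.concat(...)` is dereferenced without a guard, and the removed `|| []` never covered that case because it sat after the `concat` call. Where `cspScriptSrcHashes` comes from is outside this hunk; if any render path returns without it, enabling CSP would turn that request into a TypeError, so `(cspScriptSrcHashes || []).concat(this.options.render.csp.allowedSources || [])` is the safer form. The `allowedSources` entries are also joined into the header verbatim, so an entry containing `;` would start a new directive. A short comment saying that entries must be single CSP source expressions, or a check for that when options are loaded, would make the contract explicit. The function body starts and ends outside the hunk.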
@ -357,11 +357,12 @@ module.exports = class Renderer {
|
||||
HEAD += context.renderResourceHints()
|
||||
}
|
||||
|
||||
let serializedSession = `window.__NUXT__=${serialize(context.nuxt, {
|
||||
const serializedSession = `window.__NUXT__=${serialize(context.nuxt, {
|
||||
isJSON: true
|
||||
})};`
|
||||
let cspScriptSrcHashes = []
|
||||
if (this.options.render.csp.hashAlgorithm) {
|
||||
|
||||
const cspScriptSrcHashes = []
|
||||
if (this.options.render.csp && this.options.render.csp.enabled) {
|
||||
let hash = crypto.createHash(this.options.render.csp.hashAlgorithm)
|
||||
hash.update(serializedSession)
|
||||
cspScriptSrcHashes.push(
|
||||
|
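Review bot: `crypto.createHash(this.options.render.csp.hashAlgorithm)` now runs whenever `csp.enabled` is true, but nothing visible checks that `hashAlgorithm` is usable. A config that sets `enabled: true` with an empty or unknown algorithm would throw here on every server render. A digest other than `sha256`, `sha384` or `sha512` produces a source expression that browsers ignore, which would block the inline `window.__NUXT__` script. I would validate the option once at startup against those three values and fail with a clear message. As a style point, `let hash` can be `const hash`, matching the other `let` to `const` changes in this hunk. The `cspScriptSrcHashes.push(` call continues outside the hunk.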