Zengtudor/Nuxt
1
0
Fork 0
mirror of https://github.com/nuxt/nuxt.git synced 2024-11-27 16:12:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: Fix CSP in development mode, add unsafe-eval

Browse Source
This commit is contained in:
Sébastien Chopin 2018-04-13 12:37:32 +02:00
parent 0df0b8bebc
commit a02935c15f
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/core/middleware/nuxt.js
View File

@ -71,10 +71,10 @@ export default async function nuxtMiddleware(req, res, next) {
if (this.options.render.csp && this.options.render.csp.enabled) {
const allowedSources = this.options.render.csp.allowedSources
const policies = this.options.render.csp.policies
let cspStr = `script-src 'self' ${(cspScriptSrcHashes).join(' ')}`
let cspStr = `script-src 'self'${this.options.dev ? " 'unsafe-eval'" : ''} ${(cspScriptSrcHashes).join(' ')}`
if (Array.isArray(allowedSources)) {
// For compatible section
cspStr = `script-src 'self' ${cspScriptSrcHashes.concat(allowedSources).join(' ')}`
cspStr += ' ' + allowedSources.join(' ')
} else if (typeof policies === 'object' && policies !== null && !Array.isArray(policies)) {
// Set default policy if necessary
if (!policies['script-src'] || !Array.isArray(policies['script-src'])) {