mirror of
https://github.com/nuxt/nuxt.git
synced 2024-11-30 09:27:13 +00:00
fix: Fix CSP in development mode, add unsafe-eval
This commit is contained in:
parent
0df0b8bebc
commit
a02935c15f
@ -71,10 +71,10 @@ export default async function nuxtMiddleware(req, res, next) {
|
||||
if (this.options.render.csp && this.options.render.csp.enabled) {
|
||||
const allowedSources = this.options.render.csp.allowedSources
|
||||
const policies = this.options.render.csp.policies
|
||||
let cspStr = `script-src 'self' ${(cspScriptSrcHashes).join(' ')}`
|
||||
let cspStr = `script-src 'self'${this.options.dev ? " 'unsafe-eval'" : ''} ${(cspScriptSrcHashes).join(' ')}`
|
||||
if (Array.isArray(allowedSources)) {
|
||||
// For compatible section
|
||||
cspStr = `script-src 'self' ${cspScriptSrcHashes.concat(allowedSources).join(' ')}`
|
||||
cspStr += ' ' + allowedSources.join(' ')
|
||||
} else if (typeof policies === 'object' && policies !== null && !Array.isArray(policies)) {
|
||||
// Set default policy if necessary
|
||||
if (!policies['script-src'] || !Array.isArray(policies['script-src'])) {
|
||||
|
Loading…
Reference in New Issue
Block a user