mirror of
https://github.com/nuxt/nuxt.git
synced 2024-11-27 08:02:01 +00:00
perf(vue-renderer): don't serialize session when injectScripts
is false (#6846)
This commit is contained in:
parent
67ad293ada
commit
af75aa86e1
@ -126,19 +126,26 @@ export default class SSRRenderer extends BaseRenderer {
|
||||
}
|
||||
}
|
||||
|
||||
const { csp } = this.options.render
|
||||
// Only add the hash if 'unsafe-inline' rule isn't present to avoid conflicts (#5387)
|
||||
const containsUnsafeInlineScriptSrc = csp.policies && csp.policies['script-src'] && csp.policies['script-src'].includes('\'unsafe-inline\'')
|
||||
const shouldHashCspScriptSrc = csp && (csp.unsafeInlineCompatibility || !containsUnsafeInlineScriptSrc)
|
||||
let serializedSession = ''
|
||||
|
||||
// Serialize state
|
||||
const serializedSession = `window.${this.serverContext.globals.context}=${devalue(renderContext.nuxt)};`
|
||||
if (shouldInjectScripts || shouldHashCspScriptSrc) {
|
||||
// Only serialized session if need inject scripts or csp hash
|
||||
serializedSession = `window.${this.serverContext.globals.context}=${devalue(renderContext.nuxt)};`
|
||||
}
|
||||
|
||||
if (shouldInjectScripts) {
|
||||
APP += `<script>${serializedSession}</script>`
|
||||
}
|
||||
|
||||
// Calculate CSP hashes
|
||||
const { csp } = this.options.render
|
||||
const cspScriptSrcHashes = []
|
||||
if (csp) {
|
||||
// Only add the hash if 'unsafe-inline' rule isn't present to avoid conflicts (#5387)
|
||||
const containsUnsafeInlineScriptSrc = csp.policies && csp.policies['script-src'] && csp.policies['script-src'].includes('\'unsafe-inline\'')
|
||||
if (csp.unsafeInlineCompatibility || !containsUnsafeInlineScriptSrc) {
|
||||
if (shouldHashCspScriptSrc) {
|
||||
const hash = crypto.createHash(csp.hashAlgorithm)
|
||||
hash.update(serializedSession)
|
||||
cspScriptSrcHashes.push(`'${csp.hashAlgorithm}-${hash.digest('base64')}'`)
|
||||
|
Loading…
Reference in New Issue
Block a user