mirror of
https://github.com/nuxt/nuxt.git
synced 2024-11-27 08:02:01 +00:00
refactor(server): only append not empty allowed sources to csp (#6771)
This commit is contained in:
parent
112d836e6e
commit
e999060da5
@ -98,12 +98,12 @@ describe('config: options', () => {
|
||||
})
|
||||
|
||||
test('should enable csp', () => {
|
||||
const { render: { csp } } = getNuxtConfig({ render: { csp: { allowedSources: [], test: true } } })
|
||||
const { render: { csp } } = getNuxtConfig({ render: { csp: { allowedSources: ['/nuxt/*'], test: true } } })
|
||||
expect(csp).toEqual({
|
||||
hashAlgorithm: 'sha256',
|
||||
addMeta: false,
|
||||
unsafeInlineCompatibility: false,
|
||||
allowedSources: [],
|
||||
allowedSources: ['/nuxt/*'],
|
||||
policies: undefined,
|
||||
reportOnly: false,
|
||||
test: true
|
||||
@ -112,12 +112,12 @@ describe('config: options', () => {
|
||||
|
||||
// TODO: Remove this test in Nuxt 3, we will stop supporting this typo (more on: https://github.com/nuxt/nuxt.js/pull/6583)
|
||||
test('should enable csp with old typo property name, avoiding breaking changes', () => {
|
||||
const { render: { csp } } = getNuxtConfig({ render: { csp: { allowedSources: [], test: true, unsafeInlineCompatiblity: true } } })
|
||||
const { render: { csp } } = getNuxtConfig({ render: { csp: { allowedSources: ['/nuxt/*'], test: true, unsafeInlineCompatiblity: true } } })
|
||||
expect(csp).toEqual({
|
||||
hashAlgorithm: 'sha256',
|
||||
addMeta: false,
|
||||
unsafeInlineCompatibility: true,
|
||||
allowedSources: [],
|
||||
allowedSources: ['/nuxt/*'],
|
||||
policies: undefined,
|
||||
reportOnly: false,
|
||||
test: true
|
||||
|
@ -127,7 +127,7 @@ const getCspString = ({ cspScriptSrcHashes, allowedSources, policies, isDev }) =
|
||||
const joinedHashes = cspScriptSrcHashes.join(' ')
|
||||
const baseCspStr = `script-src 'self'${isDev ? ' \'unsafe-eval\'' : ''} ${joinedHashes}`
|
||||
|
||||
if (Array.isArray(allowedSources)) {
|
||||
if (Array.isArray(allowedSources) && allowedSources.length) {
|
||||
return `${baseCspStr} ${allowedSources.join(' ')}`
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user