mirror of
https://github.com/nuxt/nuxt.git
synced 2024-11-11 08:33:53 +00:00
refactor(server): only append not empty allowed sources to csp (#6771)
This commit is contained in:
parent
112d836e6e
commit
e999060da5
@ -98,12 +98,12 @@ describe('config: options', () => {
|
|||||||
})
|
})
|
||||||
|
|
||||||
test('should enable csp', () => {
|
test('should enable csp', () => {
|
||||||
const { render: { csp } } = getNuxtConfig({ render: { csp: { allowedSources: [], test: true } } })
|
const { render: { csp } } = getNuxtConfig({ render: { csp: { allowedSources: ['/nuxt/*'], test: true } } })
|
||||||
expect(csp).toEqual({
|
expect(csp).toEqual({
|
||||||
hashAlgorithm: 'sha256',
|
hashAlgorithm: 'sha256',
|
||||||
addMeta: false,
|
addMeta: false,
|
||||||
unsafeInlineCompatibility: false,
|
unsafeInlineCompatibility: false,
|
||||||
allowedSources: [],
|
allowedSources: ['/nuxt/*'],
|
||||||
policies: undefined,
|
policies: undefined,
|
||||||
reportOnly: false,
|
reportOnly: false,
|
||||||
test: true
|
test: true
|
||||||
@ -112,12 +112,12 @@ describe('config: options', () => {
|
|||||||
|
|
||||||
// TODO: Remove this test in Nuxt 3, we will stop supporting this typo (more on: https://github.com/nuxt/nuxt.js/pull/6583)
|
// TODO: Remove this test in Nuxt 3, we will stop supporting this typo (more on: https://github.com/nuxt/nuxt.js/pull/6583)
|
||||||
test('should enable csp with old typo property name, avoiding breaking changes', () => {
|
test('should enable csp with old typo property name, avoiding breaking changes', () => {
|
||||||
const { render: { csp } } = getNuxtConfig({ render: { csp: { allowedSources: [], test: true, unsafeInlineCompatiblity: true } } })
|
const { render: { csp } } = getNuxtConfig({ render: { csp: { allowedSources: ['/nuxt/*'], test: true, unsafeInlineCompatiblity: true } } })
|
||||||
expect(csp).toEqual({
|
expect(csp).toEqual({
|
||||||
hashAlgorithm: 'sha256',
|
hashAlgorithm: 'sha256',
|
||||||
addMeta: false,
|
addMeta: false,
|
||||||
unsafeInlineCompatibility: true,
|
unsafeInlineCompatibility: true,
|
||||||
allowedSources: [],
|
allowedSources: ['/nuxt/*'],
|
||||||
policies: undefined,
|
policies: undefined,
|
||||||
reportOnly: false,
|
reportOnly: false,
|
||||||
test: true
|
test: true
|
||||||
|
@ -127,7 +127,7 @@ const getCspString = ({ cspScriptSrcHashes, allowedSources, policies, isDev }) =
|
|||||||
const joinedHashes = cspScriptSrcHashes.join(' ')
|
const joinedHashes = cspScriptSrcHashes.join(' ')
|
||||||
const baseCspStr = `script-src 'self'${isDev ? ' \'unsafe-eval\'' : ''} ${joinedHashes}`
|
const baseCspStr = `script-src 'self'${isDev ? ' \'unsafe-eval\'' : ''} ${joinedHashes}`
|
||||||
|
|
||||||
if (Array.isArray(allowedSources)) {
|
if (Array.isArray(allowedSources) && allowedSources.length) {
|
||||||
return `${baseCspStr} ${allowedSources.join(' ')}`
|
return `${baseCspStr} ${allowedSources.join(' ')}`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user