refactor(server): only append not empty allowed sources to csp (#6771)

This commit is contained in:
Xin Du (Clark) 2019-12-17 04:16:51 +08:00 committed by Pooya Parsa
parent 112d836e6e
commit e999060da5
2 changed files with 5 additions and 5 deletions

View File

@ -98,12 +98,12 @@ describe('config: options', () => {
})
test('should enable csp', () => {
const { render: { csp } } = getNuxtConfig({ render: { csp: { allowedSources: [], test: true } } })
const { render: { csp } } = getNuxtConfig({ render: { csp: { allowedSources: ['/nuxt/*'], test: true } } })
expect(csp).toEqual({
hashAlgorithm: 'sha256',
addMeta: false,
unsafeInlineCompatibility: false,
allowedSources: [],
allowedSources: ['/nuxt/*'],
policies: undefined,
reportOnly: false,
test: true
@ -112,12 +112,12 @@ describe('config: options', () => {
// TODO: Remove this test in Nuxt 3, we will stop supporting this typo (more on: https://github.com/nuxt/nuxt.js/pull/6583)
test('should enable csp with old typo property name, avoiding breaking changes', () => {
const { render: { csp } } = getNuxtConfig({ render: { csp: { allowedSources: [], test: true, unsafeInlineCompatiblity: true } } })
const { render: { csp } } = getNuxtConfig({ render: { csp: { allowedSources: ['/nuxt/*'], test: true, unsafeInlineCompatiblity: true } } })
expect(csp).toEqual({
hashAlgorithm: 'sha256',
addMeta: false,
unsafeInlineCompatibility: true,
allowedSources: [],
allowedSources: ['/nuxt/*'],
policies: undefined,
reportOnly: false,
test: true

View File

@ -127,7 +127,7 @@ const getCspString = ({ cspScriptSrcHashes, allowedSources, policies, isDev }) =
const joinedHashes = cspScriptSrcHashes.join(' ')
const baseCspStr = `script-src 'self'${isDev ? ' \'unsafe-eval\'' : ''} ${joinedHashes}`
if (Array.isArray(allowedSources)) {
if (Array.isArray(allowedSources) && allowedSources.length) {
return `${baseCspStr} ${allowedSources.join(' ')}`
}