feat(csp): SRI hashes for SSG mode #287
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Types of changes
Description
This PR significantly improves our support of Strict CSP in SSG mode by whitelisting external resources based on their integrity hash.
Previously, in SSG mode Nuxt Security was only able to compute hashes of inline elements. With this PR, Nuxt Security is now able to insert the hashes of external elements.
This PR builds upon PR #285, which introduced Subresource Integrity support by Nuxt Security, to collect the SRI hashes of external resources and use them for CSP setup.
The module parses all valid external links, and allocates them to the relevant CSP section in accordance with the HTML WHATWG standard.
This PR closes Issue #279.
Checklist:
A new test suite for ssg is introduced.