Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(csp): SRI hashes for SSG mode #287

Merged
merged 3 commits into from
Nov 10, 2023
Merged

feat(csp): SRI hashes for SSG mode #287

merged 3 commits into from
Nov 10, 2023

Conversation

vejja
Copy link
Collaborator

@vejja vejja commented Nov 8, 2023

Types of changes

  • Bug fix (a non-breaking change which fixes an issue)
  • New feature (a non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Description

This PR significantly improves our support of Strict CSP in SSG mode by whitelisting external resources based on their integrity hash.

Previously, in SSG mode Nuxt Security was only able to compute hashes of inline elements. With this PR, Nuxt Security is now able to insert the hashes of external elements.

This PR builds upon PR #285, which introduced Subresource Integrity support by Nuxt Security, to collect the SRI hashes of external resources and use them for CSP setup.

The module parses all valid external links, and allocates them to the relevant CSP section in accordance with the HTML WHATWG standard.

This PR closes Issue #279.

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes (if not applicable, please state why)

A new test suite for ssg is introduced.

@vercel Vercel
Copy link

vercel bot commented Nov 8, 2023
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
nuxt-security ✅ Ready (Inspect) Visit Preview 💬 Add feedback Nov 9, 2023 0:59am

@vejja vejja marked this pull request as ready for review November 8, 2023 18:47
@Baroshem
Copy link
Owner

Baroshem commented Nov 9, 2023

Hey @vejja

I am not fast enough to review your amazing work! But I will do my best to not be very late 😃

I have merged the initial SRI Pr. Could you please resolve conflicts here so that I could review it and test it? :)

@vejja
Copy link
Collaborator Author

vejja commented Nov 9, 2023

Hey @vejja

I am not fast enough to review your amazing work! But I will do my best to not be very late 😃

I have merged the initial SRI Pr. Could you please resolve conflicts here so that I could review it and test it? :)

Yes, done now !

@Baroshem
Copy link
Owner

Awesome thank you! Really nice work! 🚀

@Baroshem Baroshem merged commit f75159d into Baroshem:chore/1.0.0-rc.4 Nov 10, 2023
3 checks passed
@vejja vejja mentioned this pull request Nov 10, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Baroshem Baroshem Baroshem approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@vejja @Baroshem