Add nonces to font-src and make NGINX replace "CSP_NONCE" with a nonce to ensure vite can handle it #779

Draft
wants to merge 2 commits into
base: main


@MTRNord MTRNord commented Sep 13, 2024

The CSP_NONCE allows us to set html.cspNonce in the vite config, as the current approach in vite leads to invalid HTML. This way we can make sure that all included file tags have a nonce and not just the hardcoded ones. This also might help us with MUI later.

✔️ Checklist

  • A changeset describing the change and affected packages (more info).
  • Added or updated documentation.
  • Tests for new functionality and regression tests for bug fixes.
  • Screenshots or videos attached (for UI changes).
  • All your commits have a Signed-off-by line in the message (more info).
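
The substitution described in the comment above, as an added example that is not part of the PR or the project's code: a Node.js stand-in for the per-response replacement the serving layer performs, plus a check that every script, style and stylesheet/modulepreload link tag carries the nonce from the header. The sample HTML, the policy string and the function names are constructed for illustration.

```javascript
// Added example, not code from the PR. Assumes the built index.html carries the
// literal placeholder CSP_NONCE (vite's html.cspNonce) and that the server
// substitutes it per response; the policy string below is illustrative.
const { randomBytes } = require('node:crypto');

const PLACEHOLDER = 'CSP_NONCE';

// Constructed sample of a build output with html.cspNonce = 'CSP_NONCE'.
const BUILT_HTML = `<!doctype html>
<html><head>
<meta property="csp-nonce" nonce="CSP_NONCE">
<script type="module" nonce="CSP_NONCE" src="/assets/index-abc.js"></script>
<link rel="stylesheet" nonce="CSP_NONCE" href="/assets/index-abc.css">
</head><body><div id="root"></div></body></html>`;

// What the serving layer must do for every response: a fresh, unpredictable
// nonce in both the markup and the Content-Security-Policy header.
function serve(html) {
  const nonce = randomBytes(16).toString('base64');
  return {
    nonce,
    body: html.split(PLACEHOLDER).join(nonce),
    csp: `script-src 'self' 'nonce-${nonce}'; style-src 'self' 'nonce-${nonce}'`,
  };
}

// Defender's check on a response: list tags that the policy would block or
// that show the substitution did not happen.
function audit({ body, csp }) {
  const problems = [];
  const m = /'nonce-([^']+)'/.exec(csp);
  if (!m) return ['CSP header carries no nonce'];
  if (body.includes(PLACEHOLDER)) problems.push('placeholder left in body');
  const tags = body.match(/<(script|style|link)\b[^>]*>/gi) || [];
  for (const tag of tags) {
    // Only stylesheet and modulepreload links are expected to carry a nonce.
    if (/^<link/i.test(tag) && !/rel="(stylesheet|modulepreload)"/i.test(tag)) continue;
    const attr = /\bnonce="([^"]*)"/.exec(tag);
    if (!attr) problems.push(`missing nonce: ${tag}`);
    else if (attr[1] !== m[1]) problems.push(`nonce mismatch: ${tag}`);
  }
  return problems;
}
```

Running `audit` against a response whose body still contains `CSP_NONCE` is a quick way to catch a serving path that skips the substitution.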

@MTRNord MTRNord requested a review from a team September 13, 2024 12:32

changeset-bot bot commented Sep 13, 2024

🦋 Changeset detected

Latest commit: 8e261c0

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package:

| Name | Type |
| --- | --- |
| @matrix-widget-toolkit/widget-server | Patch |


MTRNord and others added 2 commits September 13, 2024 14:25
…e to deal with nonces

Signed-off-by: MTRNord <mtrnord1@gmail.com>
Signed-off-by: Milton Moura <miltonmoura@gmail.com>

@HarHarLinks HarHarLinks left a comment

While this does not seem to be wrong per se, I am not aware of any issue this fixes. This should probably be replaced by the vite migration.

@HarHarLinks HarHarLinks marked this pull request as draft September 17, 2024 08:05
@HarHarLinks HarHarLinks force-pushed the main branch 2 times, most recently from fb28b97 to ddc548c Compare October 21, 2024 07:58