New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Nonce attributes values are erased during application boot - SSR mode #427
Comments
Hi @BnitoBzh There are many small things that you should double-check in your configuration. For instance Aside from these, and in order to keep issues separate, can you do the following:
|
@vejja, thanks for the CSP config issue I will make changes and test. |
Could you let me know what you mean by 'empty nonce' ? Please provide screenshots of the Safari complaints. Maybe the issue is due to how you manage the I can see that you are using Nuxt 3.11.2 : you could use the new |
The dev toolbar in the 'Elements' section does not display the nonce for security reasons |
Hum ok .. So do you have any idea why my CSP are ignored in Safari ? |
I can try to help if you send me a screenshot of the Console and Network Headers tabs of the Safari devtools |
@BnitoBzh any details from your side? :) |
I have removed all |
@BnitoBzh I think this might actually be related to #432 |
Sorry, not enough time to test it now, i will test it in the next week. |
Version
nuxt-security: 1.3.2
nuxt: 3.11.2
Reproduction Link
Nothing
Steps to reproduce
Nothing
What is Expected?
Nuxt must render the page in SSR mode with all
nonce
attributes set on each script tag.What is actually happening?
When Nuxt render the page in SSR mode, all
nonce
attributes are set. i am using the browser utlity "show the page source", this is OK !But when the page is fully loaded and the Nuxt app is running, the developer tools shows that all
nonce
attribute values are empty ...This cause multiple issue with CSP ...
Here is my nuxt config file :
The text was updated successfully, but these errors were encountered: