Skip to content

feat: add nonce attribute to style tags#1787

Closed
marvinhagemeister wants to merge 1 commit into
mainfrom
nonce-style
Closed

feat: add nonce attribute to style tags#1787
marvinhagemeister wants to merge 1 commit into
mainfrom
nonce-style

Conversation

@marvinhagemeister

@marvinhagemeister marvinhagemeister commented Sep 18, 2023

Copy link
Copy Markdown
Contributor

No description provided.

@Jabolol Jabolol mentioned this pull request Sep 20, 2023
Merged
bartlomieju added a commit that referenced this pull request Mar 26, 2026
@bartlomieju @claude
feat: add nonce support for inline style and script tags in CSP
0a9d7af 
- Auto-inject nonce attribute onto inline <script> and <style> tags
  during server rendering (preact_hooks.ts vnode hook)
- Expose render nonce via X-Fresh-Nonce response header (context.ts)
- Add useNonce option to CSP middleware that replaces 'unsafe-inline'
  with nonce-based directives per request
- Existing explicit nonce attributes on tags are preserved
- Non-rendered responses (API routes) fall back to unsafe-inline

Supersedes #1787.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@bartlomieju

bartlomieju commented Mar 26, 2026

Copy link
Copy Markdown
Contributor

Superseded by a new implementation against the current Fresh 2.x codebase. The new PR adds nonce support for both inline <style> and <script> tags, plus a useNonce option on the CSP middleware.

@bartlomieju bartlomieju mentioned this pull request Mar 26, 2026
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@marvinhagemeister @bartlomieju