Skip to content

fix(web): forward csp nonce to theme script#35960

Merged
hyoban merged 1 commit into
mainfrom
fix/csp-nonce-forwarding
May 9, 2026
Merged

fix(web): forward csp nonce to theme script#35960
hyoban merged 1 commit into
mainfrom
fix/csp-nonce-forwarding

Conversation

@lyzno1
Copy link
Copy Markdown
Member

@lyzno1 lyzno1 commented May 9, 2026
edited by hyoban
Loading

Fixes #32185

Summary

  • pass the CSP nonce from root layout into next-themes ThemeProvider
  • set forwarded request headers before creating NextResponse.next() so RSC can read x-nonce

Testing

  • pnpm --dir web exec eslint app/layout.tsx proxy.ts
  • pre-commit eslint on staged files

@lyzno1 lyzno1 requested a review from iamjoel as a code owner May 9, 2026 04:29
@dosubot dosubot Bot added the size:S This PR changes 10-29 lines, ignoring generated files. label May 9, 2026
@github-actions github-actions Bot added the web This relates to changes on the web. label May 9, 2026
@dosubot dosubot Bot added the lgtm This PR has been approved by a maintainer label May 9, 2026
@hyoban hyoban enabled auto-merge May 9, 2026 04:30
@codecov
Copy link
Copy Markdown

codecov Bot commented May 9, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.80%. Comparing base (c5ac191) to head (96a1b16).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #35960      +/-   ##
==========================================
- Coverage   85.80%   85.80%   -0.01%     
==========================================
  Files        4463     4463              
  Lines      209559   209559              
  Branches    39250    39250              
==========================================
- Hits       179814   179808       -6     
- Misses      26552    26558       +6     
  Partials     3193     3193
Flag Coverage Δ
dify-ui 94.23% <ø> (ø)
web 86.75% <ø> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@hyoban hyoban added this pull request to the merge queue May 9, 2026
Merged via the queue into main with commit 5ebeb34 May 9, 2026
33 checks passed
@hyoban hyoban deleted the fix/csp-nonce-forwarding branch May 9, 2026 04:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hyoban hyoban hyoban approved these changes

@iamjoel iamjoel Awaiting requested review from iamjoel iamjoel is a code owner

Assignees

No one assigned

Labels

lgtm This PR has been approved by a maintainer size:S This PR changes 10-29 lines, ignoring generated files. web This relates to changes on the web.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Do not flicker in dark mode

2 participants

@lyzno1 @hyoban