Template renderer and CSP #7479

jbudz · 2018-01-19T02:33:01Z

What problem does this feature solve?

When context with state is provided to the template renderer an inline script is created. It may be useful to provide a nonce that gets attached to the script tag so an unsafe-inline CSP doesn't have to be enabled.

What does the proposed API look like?

renderer.renderToString({
  state: {},
  nonce: ''
})

The text was updated successfully, but these errors were encountered:

yyx990803 · 2018-12-20T20:15:16Z

Closed via #8047

close #7479

…#8047) close vuejs#7479

HerringtonDarkholme added contribution welcome improvement labels Jan 19, 2018

yyx990803 added intend to implement feature request labels Mar 10, 2018

hatashiro mentioned this issue Apr 18, 2018

feat(ssr): Add 'nonce' option to context for ssr outlet script, fix #7479 #8047

Merged

13 tasks

sodatea added the has PR label Jun 7, 2018

vuejs deleted a comment Oct 3, 2018

yyx990803 added this to Todo in 2.6 via automation Dec 6, 2018

yyx990803 moved this from Todo to In progress in 2.6 Dec 6, 2018

yyx990803 moved this from In progress to Todo in 2.6 Dec 6, 2018

yyx990803 removed this from Todo in 2.6 Dec 20, 2018

yyx990803 closed this as completed Dec 20, 2018

yyx990803 pushed a commit that referenced this issue Dec 20, 2018

feat(ssr): Add 'nonce' option to context for ssr outlet script (#8047)

f036cce

close #7479

f2009 pushed a commit to f2009/vue that referenced this issue Jan 25, 2019

feat(ssr): Add 'nonce' option to context for ssr outlet script (vuejs…

5d812d9

…#8047) close vuejs#7479

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Template renderer and CSP #7479

Template renderer and CSP #7479

jbudz commented Jan 19, 2018

yyx990803 commented Dec 20, 2018

Template renderer and CSP #7479

Template renderer and CSP #7479

Comments

jbudz commented Jan 19, 2018

What problem does this feature solve?

What does the proposed API look like?

yyx990803 commented Dec 20, 2018