Skip to content

Commit

Permalink
Add security warning
Browse files Browse the repository at this point in the history
Fixes #613
  • Loading branch information
xi committed Dec 6, 2023
1 parent fd577b7 commit 59fdd9d
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,10 @@ module.exports = {
};
```

## Security Warning

This loader is primarily meant for development. The default settings are not safe for production environments. See the [recommended example configuration](#recommended) and the section on [nonces](#nonce) for details.

## Options

- [**`injectType`**](#injecttype)
Expand Down Expand Up @@ -964,6 +968,8 @@ module.exports = {

### Nonce

If you are using a [Content Security Policy](https://www.w3.org/TR/CSP3/) (CSP), the injected code will usually be blocked. A workaround is to use a nonce. Note, however, that using a nonce significantly reduces the protection provided by the CSP. You can read more about the security impact in [the specification](https://www.w3.org/TR/CSP3/#security-considerations). The better solution is not to use this loader in production.

There are two ways to work with `nonce`:

- using the `attributes` option
Expand Down

0 comments on commit 59fdd9d

Please sign in to comment.