totole/sapper
1
0
Fork 0
mirror of https://github.com/kevin-DL/sapper.git synced 2026-01-12 11:15:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #424 from nolanlawson/csp-nonce

Browse Source 
Allow scripts to contain a CSP nonce
This commit is contained in:
Rich Harris
2018-09-07 19:46:07 -04:00
committed by GitHub
parent 0e8ed6612c 0a7be736c0
commit cd1b53b80d
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/middleware.ts
View File

@@ -524,9 +524,12 @@ function get_page_handler(
styles = (css && css.code ? `<style>${css.code}</style>` : '');
}
// users can set a CSP nonce using res.locals.nonce
const nonce_attr = (res.locals && res.locals.nonce) ? ` nonce="${res.locals.nonce}"` : '';
const body = template()
.replace('%sapper.base%', () => `<base href="${req.baseUrl}/">`)
.replace('%sapper.scripts%', () => `<script>${script}</script>`)
.replace('%sapper.scripts%', () => `<script${nonce_attr}>${script}</script>`)
.replace('%sapper.html%', () => html)
.replace('%sapper.head%', () => `<noscript id='sapper-head-start'></noscript>${head}<noscript id='sapper-head-end'></noscript>`)
.replace('%sapper.styles%', () => styles);