Comments (3)
This is now fixed in 3.0.0. You must also upgrade Marko to 4.18.47 and then you can pass a `cspNonce` as a Marko global and it will be picked up here (as well as other scripts output by Marko).
E.g.:
template.render({ $global: { cspNonce: "..." } });
This should be straightforward for the scripts inlined.
Do you happen to know if scripts added dynamically via js also require the nonce? It seems webpack is doing that here https://github.com/webpack/webpack/pull/3210/files#diff-82578d379e84f28902072d7b5efc5be0R43
> Do you happen to know if scripts added dynamically via js also require the nonce? It seems webpack is doing that here https://github.com/webpack/webpack/pull/3210/files#diff-82578d379e84f28902072d7b5efc5be0R43
It would be better, yes, since those scripts would need to be trusted as well.
There is also a CSP level 3 option for the `script-src` directive called `strict-dynamic` that states that dynamically loaded scripts from an already allowed script are safe; but I'm not sure how much support there is for CSP level 3 out there though.
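The nonce and `strict-dynamic` points from the comments above, as an added example that is not code from Marko, webpack or this thread: a per-response nonce goes into both the `Content-Security-Policy` header and `$global.cspNonce`, and the policy carries fallbacks for browsers without CSP level 3. The names `newNonce`, `buildCsp`, `renderWithCsp` and `fakeTemplate` are hypothetical, and the `https:` / `'unsafe-inline'` fallback tokens are an assumption about the desired policy.

```javascript
const crypto = require("node:crypto");

// Fresh, unpredictable nonce per response: 16 random bytes, base64-encoded.
function newNonce() {
  return crypto.randomBytes(16).toString("base64");
}

// With 'strict-dynamic', CSP3 browsers trust scripts that a nonced script
// inserts and ignore https: and 'unsafe-inline'. CSP2 browsers ignore
// 'unsafe-inline' because a nonce is present and fall back to https:.
// Without 'strict-dynamic', every injected <script> needs the nonce itself.
function buildCsp(nonce, { strictDynamic = true } = {}) {
  // Reject anything that could break out of the quoted source expression.
  if (!/^[A-Za-z0-9+\/_-]{22,}={0,2}$/.test(nonce)) {
    throw new Error("nonce must be base64, at least 22 characters");
  }
  const scriptSrc = [`'nonce-${nonce}'`];
  if (strictDynamic) scriptSrc.push("'strict-dynamic'", "https:", "'unsafe-inline'");
  return [
    `script-src ${scriptSrc.join(" ")}`,
    "object-src 'none'",
    "base-uri 'none'",
  ].join("; ");
}

// Per-request wiring: the same nonce is sent in the header and handed to the
// template through $global.cspNonce, as described in the first comment.
function renderWithCsp(template, res, data = {}) {
  const nonce = newNonce();
  res.setHeader("Content-Security-Policy", buildCsp(nonce));
  return template.render({ ...data, $global: { ...data.$global, cspNonce: nonce } });
}

// Constructed stand-ins for a compiled Marko template and an HTTP response.
const fakeTemplate = {
  render: (input) => `<script nonce="${input.$global.cspNonce}">/* runtime */</script>`,
};
function demo() {
  const headers = {};
  const res = { setHeader: (k, v) => { headers[k] = v; } };
  const html = renderWithCsp(fakeTemplate, res, { name: "x" });
  return { header: headers["Content-Security-Policy"], html };
}
```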