Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Template renderer and CSP #7479

Closed
jbudz opened this issue Jan 19, 2018 · 1 comment
Closed

Template renderer and CSP #7479

jbudz opened this issue Jan 19, 2018 · 1 comment
Labels
contribution welcome feature request has PR improvement intend to implement

Comments

@jbudz
Copy link

jbudz commented Jan 19, 2018

What problem does this feature solve?

When context with state is provided to the template renderer an inline script is created. It may be useful to provide a nonce that gets attached to the script tag so an unsafe-inline CSP doesn't have to be enabled.

What does the proposed API look like?

renderer.renderToString({
  state: {},
  nonce: ''
})
@hatashiro hatashiro mentioned this issue Apr 18, 2018
Merged
13 tasks
@vuejs vuejs deleted a comment Oct 3, 2018
@yyx990803
Copy link
Member

Closed via #8047

yyx990803 pushed a commit that referenced this issue Dec 20, 2018
@yyx990803
feat(ssr): Add 'nonce' option to context for ssr outlet script (#8047)
f036cce 
close #7479
f2009 pushed a commit to f2009/vue that referenced this issue Jan 25, 2019
feat(ssr): Add 'nonce' option to context for ssr outlet script (vuejs…
5d812d9 
…#8047)

close vuejs#7479
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
contribution welcome feature request has PR improvement intend to implement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@yyx990803 @HerringtonDarkholme @jbudz @haoqunjiang