@adobe/helix-html-pipeline 6.24.0 → 6.24.2

package/CHANGELOG.md

@@ -1,3 +1,17 @@
+## [6.24.2](https://github.com/adobe/helix-html-pipeline/compare/v6.24.1...v6.24.2) (2025-04-02)
+
+
+### Bug Fixes
+
+* Add script nonce to <link as=script> ([#850](https://github.com/adobe/helix-html-pipeline/issues/850)) ([182f281](https://github.com/adobe/helix-html-pipeline/commit/182f2816c018ed4e68af44ff3738ca9722984455))
+
+## [6.24.1](https://github.com/adobe/helix-html-pipeline/compare/v6.24.0...v6.24.1) (2025-03-28)
+
+
+### Bug Fixes
+
+* support aem-gcp.page|live internal domain ([f6307bb](https://github.com/adobe/helix-html-pipeline/commit/f6307bb9a3704a5020738b1664a01b5201064f5a))
+
 # [6.24.0](https://github.com/adobe/helix-html-pipeline/compare/v6.23.0...v6.24.0) (2025-03-27)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adobe/helix-html-pipeline",
-  "version": "6.24.0",
+  "version": "6.24.2",
   "description": "Helix HTML Pipeline",
   "main": "src/index.js",
   "types": "src/index.d.ts",

package/src/robots-pipe.js

@@ -54,9 +54,11 @@ const INTERNAL_DOMAINS = [
   '.aem.page',
   '.aem-fastly.page',
   '.aem-cloudflare.page',
+  '.aem-gcp.page',
   '.aem.live',
   '.aem-fastly.live',
   '.aem-cloudflare.live',
+  '.aem-gcp.live',
   '.hlx.page',
   '.hlx-fastly.page',
   '.hlx-cloudflare.page',

package/src/steps/csp.js

@@ -111,9 +111,15 @@ function createAndApplyNonceOnAST(res, tree, metaCSP, headerCSP, headerCSPRO) {
   }
 
   visit(tree, (node) => {
-    if (scriptNonce && node.tagName === 'script' && node.properties?.nonce === 'aem') {
-      node.properties.nonce = nonce;
-      return;
+    if (scriptNonce) {
+      if (node.tagName === 'script' && node.properties?.nonce === 'aem') {
+        node.properties.nonce = nonce;
+        return;
+      }
+      if (node.tagName === 'link' && node.properties?.as === 'script' && node.properties?.nonce === 'aem') {
+        node.properties.nonce = nonce;
+        return;
+      }
     }
 
     if (styleNonce
@@ -222,14 +228,34 @@ export function contentSecurityPolicyOnCode(state, res) {
           }
         }
 
-        if (scriptNonce && tag.tagName === 'script' && tag.attrs.find((attr) => attr.name === 'nonce' && attr.value === 'aem')) {
-          chunks.push(getRawHTML(tag).replace(/nonce="aem"/i, `nonce="${nonce}"`));
-          return;
+        if (scriptNonce) {
+          if (tag.tagName === 'script' && tag.attrs.find((attr) => attr.name === 'nonce' && attr.value === 'aem')) {
+            chunks.push(getRawHTML(tag).replace(/nonce="aem"/i, `nonce="${nonce}"`));
+            return;
+          }
+
+          if (tag.tagName === 'link'
+            && tag.attrs.find((attr) => attr.name === 'as' && attr.value === 'script')
+            && tag.attrs.find((attr) => attr.name === 'nonce' && attr.value === 'aem')
+          ) {
+            chunks.push(getRawHTML(tag).replace(/nonce="aem"/i, `nonce="${nonce}"`));
+            return;
+          }
         }
 
-        if (styleNonce && (tag.tagName === 'style' || tag.tagName === 'link') && tag.attrs.find((attr) => attr.name === 'nonce' && attr.value === 'aem')) {
-          chunks.push(getRawHTML(tag).replace(/nonce="aem"/i, `nonce="${nonce}"`));
-          return;
+        if (styleNonce) {
+          if (tag.tagName === 'style' && tag.attrs.find((attr) => attr.name === 'nonce' && attr.value === 'aem')) {
+            chunks.push(getRawHTML(tag).replace(/nonce="aem"/i, `nonce="${nonce}"`));
+            return;
+          }
+
+          if (tag.tagName === 'link'
+            && tag.attrs.find((attr) => attr.name === 'rel' && attr.value === 'stylesheet')
+            && tag.attrs.find((attr) => attr.name === 'nonce' && attr.value === 'aem')
+          ) {
+            chunks.push(getRawHTML(tag).replace(/nonce="aem"/i, `nonce="${nonce}"`));
+            return;
+          }
         }
 
         chunks.push(getRawHTML(tag));