@netlify/plugin-csp-nonce 1.1.2 → 1.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/src/__csp-nonce.ts +5 -3
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "private": false,
3
3
  "name": "@netlify/plugin-csp-nonce",
4
- "version": "1.1.2",
4
+ "version": "1.1.3",
5
5
  "description": "Use a nonce for the script-src and style-src directives of your Content Security Policy.",
6
6
  "main": "index.js",
7
7
  "repository": {
package/src/__csp-nonce.ts CHANGED
@@ -29,14 +29,15 @@ const handler = async (request: Request, context: Context) => {
29
29
  const isGET = request.method?.toUpperCase() === "GET";
30
30
  const isCurl = request.headers.get("user-agent")?.startsWith("curl/");
31
31
  const isHTMLRequest =
32
- request.headers.get("accept")?.startsWith("text/html") || isCurl;
32
+ request.headers.get("accept")?.includes("text/html") ||
33
+ request.headers.get("sec-fetch-dest") === "document" ||
34
+ isCurl;
33
35
  const isHTMLResponse = response.headers
34
36
  .get("content-type")
35
37
  ?.startsWith("text/html");
36
38
  const shouldTransformResponse = isGET && isHTMLRequest && isHTMLResponse;
37
39
  if (!shouldTransformResponse) {
38
- // @ts-expect-error
39
- console.log(`Unnecessary invocation for ${request.path || request.url}`);
40
+ console.log(`Unnecessary invocation for ${request.url}`);
40
41
  return response;
41
42
  }
42
43
 
@@ -157,6 +158,7 @@ export const config: Config = {
157
158
  ...excludedExtensions.map((ext) => `**/*.${ext}`),
158
159
  ],
159
160
  handler,
161
+ onError: "bypass",
160
162
  };
161
163
 
162
164
  export default handler;