@netlify/plugin-csp-nonce 1.1.2 → 1.1.4

package/package.json

@@ -1,7 +1,7 @@
 {
   "private": false,
   "name": "@netlify/plugin-csp-nonce",
-  "version": "1.1.2",
+  "version": "1.1.4",
   "description": "Use a nonce for the script-src and style-src directives of your Content Security Policy.",
   "main": "index.js",
   "repository": {

package/src/__csp-nonce.ts

@@ -29,14 +29,19 @@ const handler = async (request: Request, context: Context) => {
   const isGET = request.method?.toUpperCase() === "GET";
   const isCurl = request.headers.get("user-agent")?.startsWith("curl/");
   const isHTMLRequest =
-    request.headers.get("accept")?.startsWith("text/html") || isCurl;
+    request.headers.get("accept")?.includes("text/html") ||
+    request.headers.get("sec-fetch-dest") === "document" ||
+    isCurl;
   const isHTMLResponse = response.headers
     .get("content-type")
     ?.startsWith("text/html");
   const shouldTransformResponse = isGET && isHTMLRequest && isHTMLResponse;
   if (!shouldTransformResponse) {
-    // @ts-expect-error
-    console.log(`Unnecessary invocation for ${request.path || request.url}`);
+    console.log(`Unnecessary invocation for ${request.url}`, {
+      method: request.method,
+      accept: request.headers.get("accept"),
+      "content-type": response.headers.get("content-type"),
+    });
     return response;
   }
 
@@ -157,6 +162,7 @@ export const config: Config = {
     ...excludedExtensions.map((ext) => `**/*.${ext}`),
   ],
   handler,
+  onError: "bypass",
 };
 
 export default handler;