@netlify/plugin-csp-nonce 1.2.13 → 1.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +22 -2
- package/package.json +4 -1
- package/src/__csp-nonce.ts +5 -2
package/index.js
CHANGED
|
@@ -1,15 +1,24 @@
|
|
|
1
1
|
/* eslint-disable no-console */
|
|
2
2
|
import fs, { copyFileSync } from "fs";
|
|
3
|
+
import { getBuildInfo } from '@netlify/build-info/node';
|
|
3
4
|
|
|
4
5
|
const SITE_ID = "321a7119-6008-49a8-9d2f-e20602b1b349";
|
|
5
6
|
|
|
7
|
+
async function projectUsesNextJS() {
|
|
8
|
+
for (const framework of (await getBuildInfo()).frameworks) {
|
|
9
|
+
if (framework.id === 'next') {
|
|
10
|
+
return true;
|
|
11
|
+
}
|
|
12
|
+
}
|
|
13
|
+
return false;
|
|
14
|
+
}
|
|
15
|
+
|
|
6
16
|
export const onPreBuild = async ({
|
|
7
17
|
inputs,
|
|
8
18
|
netlifyConfig,
|
|
9
19
|
utils,
|
|
10
20
|
constants,
|
|
11
21
|
}) => {
|
|
12
|
-
const config = JSON.stringify(inputs, null, 2);
|
|
13
22
|
const { build } = netlifyConfig;
|
|
14
23
|
|
|
15
24
|
const { INTERNAL_EDGE_FUNCTIONS_SRC, INTERNAL_FUNCTIONS_SRC } = constants;
|
|
@@ -51,9 +60,20 @@ export const onPreBuild = async ({
|
|
|
51
60
|
`${basePath}/__csp-nonce.ts`,
|
|
52
61
|
`${INTERNAL_EDGE_FUNCTIONS_SRC}/__csp-nonce.ts`,
|
|
53
62
|
);
|
|
63
|
+
|
|
64
|
+
const usesNext = await projectUsesNextJS();
|
|
65
|
+
|
|
66
|
+
// Do not invoke the CSP Edge Function for Netlify Image CDN requests.
|
|
67
|
+
inputs.excludedPath.push('/.netlify/images');
|
|
68
|
+
|
|
69
|
+
// If using NextJS, do not invoke the CSP Edge Function for NextJS Image requests.
|
|
70
|
+
if (usesNext) {
|
|
71
|
+
inputs.excludedPath.push('/_next/image');
|
|
72
|
+
}
|
|
73
|
+
|
|
54
74
|
fs.writeFileSync(
|
|
55
75
|
`${INTERNAL_EDGE_FUNCTIONS_SRC}/__csp-nonce-inputs.json`,
|
|
56
|
-
|
|
76
|
+
JSON.stringify(inputs, null, 2),
|
|
57
77
|
);
|
|
58
78
|
|
|
59
79
|
// if no reportUri in config input, deploy function on site's behalf
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"private": false,
|
|
3
3
|
"name": "@netlify/plugin-csp-nonce",
|
|
4
|
-
"version": "1.
|
|
4
|
+
"version": "1.3.0",
|
|
5
5
|
"description": "Use a nonce for the script-src and style-src directives of your Content Security Policy.",
|
|
6
6
|
"main": "index.js",
|
|
7
7
|
"repository": {
|
|
@@ -26,5 +26,8 @@
|
|
|
26
26
|
"homepage": "https://github.com/netlify/plugin-csp-nonce#readme",
|
|
27
27
|
"scripts": {
|
|
28
28
|
"build": "tsc src/*.ts --noEmit --strict --lib es2018,dom"
|
|
29
|
+
},
|
|
30
|
+
"dependencies": {
|
|
31
|
+
"@netlify/build-info": "^7.15.2"
|
|
29
32
|
}
|
|
30
33
|
}
|
package/src/__csp-nonce.ts
CHANGED
|
@@ -24,8 +24,11 @@ const handler = async (request: Request, context: Context) => {
|
|
|
24
24
|
// for debugging which routes use this edge function
|
|
25
25
|
response.headers.set("x-debug-csp-nonce", "invoked");
|
|
26
26
|
|
|
27
|
-
const isHTMLResponse = response.headers
|
|
28
|
-
|
|
27
|
+
const isHTMLResponse = response.headers
|
|
28
|
+
.get("content-type")
|
|
29
|
+
?.startsWith("text/html");
|
|
30
|
+
const shouldTransformResponse = isHTMLResponse;
|
|
31
|
+
if (!shouldTransformResponse) {
|
|
29
32
|
console.log(`Unnecessary invocation for ${request.url}`, {
|
|
30
33
|
method: request.method,
|
|
31
34
|
"content-type": response.headers.get("content-type"),
|