@netlify/plugin-csp-nonce 1.3.7 → 1.3.9

package/package.json

@@ -1,7 +1,7 @@
 {
   "private": false,
   "name": "@netlify/plugin-csp-nonce",
-  "version": "1.3.7",
+  "version": "1.3.9",
   "description": "Use a nonce for the script-src and style-src directives of your Content Security Policy.",
   "main": "index.js",
   "repository": {
@@ -36,6 +36,6 @@
     "test": "vitest"
   },
   "dependencies": {
-    "@netlify/build-info": "^7.15.2"
+    "@netlify/build-info": "^8.0.0"
   }
 }

package/src/__csp-nonce.ts

@@ -2,7 +2,7 @@
 // @ts-ignore
 import type { Config, Context } from "netlify:edge";
 // @ts-ignore
-import { csp } from "https://deno.land/x/csp_nonce_html_transformer@v2.2.1/src/index-embedded-wasm.ts";
+import { csp } from "https://deno.land/x/csp_nonce_html_transformer@v2.2.2/src/index-embedded-wasm.ts";
 // @ts-ignore
 import inputs from "./__csp-nonce-inputs.json" assert { type: "json" };
 
@@ -31,11 +31,23 @@ params.https = true;
 params.http = true;
 
 const handler = async (_request: Request, context: Context) => {
-  const response = await context.next();
-
-  // for debugging which routes use this edge function
-  response.headers.set("x-debug-csp-nonce", "invoked");
-  return csp(response, params);
+  try {
+    const response = await context.next();
+    // for debugging which routes use this edge function
+    response.headers.set("x-debug-csp-nonce", "invoked");
+    return csp(response, params);
+  } catch {
+    /*
+      We catch all the throws and return undefined
+      The reason we do this is because returning undefined
+      will cause the next edge function in the chain to be
+      executed.
+      This is equivalent to setting the Edge Function's 
+      `config.onError` property to "bypass", but is handled 
+      completely by the Edge Function instead of by something else.
+    */
+    return void 0;
+  }
 };
 
 // Top 50 most common extensions (minus .html and .htm) according to Humio