@netlify/plugin-csp-nonce 1.3.9 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/manifest.yml +6 -0
  2. package/package.json +1 -1
  3. package/src/__csp-nonce.ts +2 -2
package/manifest.yml CHANGED
@@ -14,3 +14,9 @@ inputs:
14
14
  - name: excludedPath
15
15
  description: The glob expressions of path(s) that *should not* invoke the CSP nonce edge function. Must be an array of strings. This value gets spread with common non-html filetype extensions (*.css, *.js, *.svg, etc)
16
16
  default: []
17
+ - name: unsafeInline
18
+ description: When true, allows the execution of inline scripts, such as those defined within <script> tags or through onclick attributes.
19
+ default: true
20
+ - name: self
21
+ description: When true, restricts the execution of scripts to those that originate from the same origin (protocol, domain, and port) as the document.
22
+ default: true
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "private": false,
3
3
  "name": "@netlify/plugin-csp-nonce",
4
- "version": "1.3.9",
4
+ "version": "1.4.0",
5
5
  "description": "Use a nonce for the script-src and style-src directives of your Content Security Policy.",
6
6
  "main": "index.js",
7
7
  "repository": {
package/src/__csp-nonce.ts CHANGED
@@ -25,8 +25,8 @@ params.reportUri = params.reportUri || "/.netlify/functions/__csp-violations";
25
25
  params.distribution = Netlify.env.get("CSP_NONCE_DISTRIBUTION");
26
26
 
27
27
  params.strictDynamic = true;
28
- params.unsafeInline = true;
29
- params.self = true;
28
+ params.unsafeInline = params.unsafeInline ?? true;
29
+ params.self = params.self ?? true;
30
30
  params.https = true;
31
31
  params.http = true;
32
32