vike 0.4.238-commit-5762291 → 0.4.238

package/dist/cjs/node/runtime/html/injectAssets/getHtmlTags.js

@@ -15,7 +15,6 @@ const picocolors_1 = __importDefault(require("@brillout/picocolors"));
 const getConfigDefinedAt_js_1 = require("../../../../shared/page-configs/getConfigDefinedAt.js");
 const htmlElementIds_js_1 = require("../../../../shared/htmlElementIds.js");
 const isFontFallback_js_1 = require("../../renderPage/isFontFallback.js");
-const csp_js_1 = require("../../csp.js");
 const stamp = '__injectFilterEntry';
 async function getHtmlTags(pageContext, streamFromReactStreamingPackage, injectFilter, pageAssets, viteDevScript, isStream) {
     (0, utils_js_1.assert)([true, false].includes(pageContext._isHtmlOnly));
@@ -82,7 +81,7 @@ async function getHtmlTags(pageContext, streamFromReactStreamingPackage, injectF
         .forEach((asset) => {
         if (!asset.inject)
             return;
-        const htmlTag = asset.isEntry ? (0, inferHtmlTags_js_1.inferAssetTag)(asset, pageContext) : (0, inferHtmlTags_js_1.inferPreloadTag)(asset);
+        const htmlTag = asset.isEntry ? (0, inferHtmlTags_js_1.inferAssetTag)(asset) : (0, inferHtmlTags_js_1.inferPreloadTag)(asset);
         htmlTags.push({ htmlTag, position: asset.inject });
     });
     // ==========
@@ -143,7 +142,7 @@ async function getHtmlTags(pageContext, streamFromReactStreamingPackage, injectF
         });
     }
     // The JavaScript entry <script> tag
-    const scriptEntry = mergeScriptEntries(pageAssets, viteDevScript, pageContext);
+    const scriptEntry = mergeScriptEntries(pageAssets, viteDevScript);
     if (scriptEntry) {
         htmlTags.push({
             htmlTag: scriptEntry,
@@ -164,9 +163,9 @@ async function getHtmlTags(pageContext, streamFromReactStreamingPackage, injectF
     });
     return htmlTags;
 }
-function mergeScriptEntries(pageAssets, viteDevScript, pageContext) {
+function mergeScriptEntries(pageAssets, viteDevScript) {
     const scriptEntries = pageAssets.filter((pageAsset) => pageAsset.isEntry && pageAsset.assetType === 'script');
-    let scriptEntry = `${viteDevScript}${scriptEntries.map((asset) => (0, inferHtmlTags_js_1.inferAssetTag)(asset, pageContext)).join('')}`;
+    let scriptEntry = `${viteDevScript}${scriptEntries.map((asset) => (0, inferHtmlTags_js_1.inferAssetTag)(asset)).join('')}`;
     // We merge scripts to avoid the infamous HMR preamble error.
     // - Infamous HMR preamble error:
     //   ```browser-console
@@ -184,13 +183,12 @@ function mergeScriptEntries(pageAssets, viteDevScript, pageContext) {
     //   ```
     // - Maybe an alternative would be to make Vike's client runtime entry <script> tag non-async. Would that work? Would it be a performance issue?
     //   - The entry <script> shouldn't be `<script defer>` upon HTML streaming, otherwise progressive hydration while SSR streaming won't work.
-    scriptEntry = (0, mergeScriptTags_js_1.mergeScriptTags)(scriptEntry, pageContext);
+    scriptEntry = (0, mergeScriptTags_js_1.mergeScriptTags)(scriptEntry);
     return scriptEntry;
 }
 function getPageContextJsonScriptTag(pageContext) {
     const pageContextClientSerialized = (0, sanitizeJson_js_1.sanitizeJson)((0, serializeContext_js_1.getPageContextClientSerialized)(pageContext, true));
-    const nonceAttr = (0, csp_js_1.inferNonceAttr)(pageContext);
-    const htmlTag = `<script id="${htmlElementIds_js_1.htmlElementId_pageContext}" type="application/json"${nonceAttr}>${pageContextClientSerialized}</script>`;
+    const htmlTag = `<script id="${htmlElementIds_js_1.htmlElementId_pageContext}" type="application/json">${pageContextClientSerialized}</script>`;
     // Used by contra.com https://github.com/gajus
     // @ts-expect-error
     pageContext._pageContextHtmlTag = htmlTag;
@@ -198,8 +196,7 @@ function getPageContextJsonScriptTag(pageContext) {
 }
 function getGlobalContextJsonScriptTag(pageContext) {
     const globalContextClientSerialized = (0, sanitizeJson_js_1.sanitizeJson)((0, serializeContext_js_1.getGlobalContextClientSerialized)(pageContext, true));
-    const nonceAttr = (0, csp_js_1.inferNonceAttr)(pageContext);
-    const htmlTag = `<script id="${htmlElementIds_js_1.htmlElementId_globalContext}" type="application/json"${nonceAttr}>${globalContextClientSerialized}</script>`;
+    const htmlTag = `<script id="${htmlElementIds_js_1.htmlElementId_globalContext}" type="application/json">${globalContextClientSerialized}</script>`;
     return htmlTag;
 }
 function assertInjectFilterEntries(injectFilterEntries) {

package/dist/cjs/node/runtime/html/injectAssets/inferHtmlTags.js

@@ -5,8 +5,6 @@ exports.inferAssetTag = inferAssetTag;
 exports.inferPreloadTag = inferPreloadTag;
 exports.inferEarlyHintLink = inferEarlyHintLink;
 const utils_js_1 = require("../../utils.js");
-const csp_js_1 = require("../../csp.js");
-// TODO/now rename scriptAttrs scriptCommonAttrs
 // We can't use `defer` here. With `defer`, the entry script won't start before `</body>` has been parsed, preventing progressive hydration during SSR streaming, see https://github.com/vikejs/vike/pull/1271
 const scriptAttrs = 'type="module" async';
 exports.scriptAttrs = scriptAttrs;
@@ -25,12 +23,11 @@ function inferPreloadTag(pageAsset) {
         .join(' ');
     return `<link ${attributes}>`;
 }
-function inferAssetTag(pageAsset, pageContext) {
+function inferAssetTag(pageAsset) {
     const { src, assetType, mediaType } = pageAsset;
     if (assetType === 'script') {
         (0, utils_js_1.assert)(mediaType === 'text/javascript');
-        const nonceAttr = (0, csp_js_1.inferNonceAttr)(pageContext);
-        return `<script src="${src}" ${scriptAttrs}${nonceAttr}></script>`;
+        return `<script src="${src}" ${scriptAttrs}></script>`;
     }
     if (assetType === 'style') {
         // WARNING: if changing following line, then also update https://github.com/vikejs/vike/blob/fae90a15d88e5e87ca9fcbb54cf2dc8773d2f229/vike/client/shared/removeFoucBuster.ts#L29

package/dist/cjs/node/runtime/html/injectAssets/mergeScriptTags.js

@@ -1,13 +1,12 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.mergeScriptTags = mergeScriptTags;
-const csp_js_1 = require("../../csp.js");
 const utils_js_1 = require("../../utils.js");
 const inferHtmlTags_js_1 = require("./inferHtmlTags.js");
 const scriptRE = /(<script\b(?:\s[^>]*>|>))(.*?)<\/script>/gims;
 const srcRE = /\bsrc\s*=\s*(?:"([^"]+)"|'([^']+)'|([^\s'">]+))/im;
 const typeRE = /\btype\s*=\s*(?:"([^"]+)"|'([^']+)'|([^\s'">]+))/im;
-function mergeScriptTags(scriptTagsHtml, pageContext) {
+function mergeScriptTags(scriptTagsHtml) {
     let scriptTag = '';
     const scripts = parseScripts(scriptTagsHtml);
     // We need to merge module scripts to ensure execution order
@@ -36,8 +35,7 @@ function mergeScriptTags(scriptTagsHtml, pageContext) {
                 }
             });
             if (contents.length > 0) {
-                const nonceAttr = (0, csp_js_1.inferNonceAttr)(pageContext);
-                scriptTag += `<script ${inferHtmlTags_js_1.scriptAttrs}${nonceAttr}>\n${contents.join('\n')}\n</script>`;
+                scriptTag += `<script ${inferHtmlTags_js_1.scriptAttrs}>\n${contents.join('\n')}\n</script>`;
             }
         }
     }

package/dist/cjs/node/runtime/renderPage/loadPageConfigsLazyServerSide.js

@@ -11,7 +11,6 @@ const analyzePage_js_1 = require("./analyzePage.js");
 const loadAndParseVirtualFilePageEntry_js_1 = require("../../../shared/page-configs/loadAndParseVirtualFilePageEntry.js");
 const execHookServer_js_1 = require("./execHookServer.js");
 const getCacheControl_js_1 = require("./getCacheControl.js");
-const csp_js_1 = require("../csp.js");
 async function loadPageConfigsLazyServerSide(pageContext) {
     (0, utils_js_1.objectAssign)(pageContext, {
         _pageConfig: (0, findPageConfig_js_1.findPageConfig)(pageContext._globalContext._pageConfigs, pageContext.pageId),
@@ -56,7 +55,6 @@ async function resolvePageContext(pageContext) {
             passToClient.push(...valS);
         });
     }
-    (0, utils_js_1.objectAssign)(pageContext, await (0, csp_js_1.resolvePageContextCspNone)(pageContext));
     (0, utils_js_1.objectAssign)(pageContext, {
         Page: pageContext.exports.Page,
         _isHtmlOnly: isHtmlOnly,
@@ -127,7 +125,6 @@ async function loadPageUserFiles_v1Design(pageContext) {
         pageFilesLoaded: pageFilesServerSide,
     };
 }
-// TODO/now: move all response headers code to headersResponse.ts
 function resolveHeadersResponse(pageContext) {
     const headersResponse = mergeHeaders(pageContext.config.headersResponse);
     if (!headersResponse.get('Cache-Control')) {
@@ -135,7 +132,6 @@ function resolveHeadersResponse(pageContext) {
         if (cacheControl)
             headersResponse.set('Cache-Control', cacheControl);
     }
-    (0, csp_js_1.addCspHeader)(pageContext, headersResponse);
     return headersResponse;
 }
 function mergeHeaders(headersList = []) {

package/dist/cjs/node/vite/shared/resolveVikeConfigInternal/configDefinitionsBuiltIn.js

@@ -173,9 +173,6 @@ const configDefinitionsBuiltIn = {
         env: { config: true },
         global: true,
     },
-    csp: {
-        env: { server: true },
-    },
     injectScriptsAt: {
         env: { server: true },
     },

package/dist/cjs/shared/page-configs/resolveVikeConfigPublic.js

@@ -1,10 +1,9 @@
 "use strict";
-// TODO/now: rename PageConfig names
+// TO-DO/soon: rename PageConfig names
 // - Use `Internal` suffix, i.e. {Page,Global}ConfigInternal
 //   - While keeping {Page,Global}ConfigPublic or remove Public suffix and rename it to {Page,Global}Config ?
 // - rename EagerLoaded EagerlyLoaded
 // - remove `LazyLoaded` suffix
-// TODO/now: rename VikeConfigPublicPageLazyLoaded PageContextSomething (for `pageContext: PageContextSomething` usage)
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };

package/dist/cjs/utils/PROJECT_VERSION.js

@@ -2,4 +2,4 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.PROJECT_VERSION = void 0;
 // Automatically updated by @brillout/release-me
-exports.PROJECT_VERSION = '0.4.238-commit-5762291';
+exports.PROJECT_VERSION = '0.4.238';

package/dist/esm/node/prerender/runPrerender.d.ts

@@ -174,8 +174,6 @@ declare function createPageContextPrerendering(urlOriginal: string, prerenderCon
     _pageConfig: null | import("../../types/PageConfig.js").PageConfigRuntime;
 } & import("../../shared/getPageFiles.js").VikeConfigPublicPageLazyLoaded & {
     _pageConfig: null | import("../../types/PageConfig.js").PageConfigRuntime;
-} & {
-    cspNonce: string;
 } & {
     Page: unknown;
     _isHtmlOnly: boolean;

package/dist/esm/node/runtime/html/injectAssets/getHtmlTags.js

@@ -10,7 +10,6 @@ import pc from '@brillout/picocolors';
 import { getConfigDefinedAt } from '../../../../shared/page-configs/getConfigDefinedAt.js';
 import { htmlElementId_globalContext, htmlElementId_pageContext } from '../../../../shared/htmlElementIds.js';
 import { isFontFallback } from '../../renderPage/isFontFallback.js';
-import { inferNonceAttr } from '../../csp.js';
 const stamp = '__injectFilterEntry';
 async function getHtmlTags(pageContext, streamFromReactStreamingPackage, injectFilter, pageAssets, viteDevScript, isStream) {
     assert([true, false].includes(pageContext._isHtmlOnly));
@@ -77,7 +76,7 @@ async function getHtmlTags(pageContext, streamFromReactStreamingPackage, injectF
         .forEach((asset) => {
         if (!asset.inject)
             return;
-        const htmlTag = asset.isEntry ? inferAssetTag(asset, pageContext) : inferPreloadTag(asset);
+        const htmlTag = asset.isEntry ? inferAssetTag(asset) : inferPreloadTag(asset);
         htmlTags.push({ htmlTag, position: asset.inject });
     });
     // ==========
@@ -138,7 +137,7 @@ async function getHtmlTags(pageContext, streamFromReactStreamingPackage, injectF
         });
     }
     // The JavaScript entry <script> tag
-    const scriptEntry = mergeScriptEntries(pageAssets, viteDevScript, pageContext);
+    const scriptEntry = mergeScriptEntries(pageAssets, viteDevScript);
     if (scriptEntry) {
         htmlTags.push({
             htmlTag: scriptEntry,
@@ -159,9 +158,9 @@ async function getHtmlTags(pageContext, streamFromReactStreamingPackage, injectF
     });
     return htmlTags;
 }
-function mergeScriptEntries(pageAssets, viteDevScript, pageContext) {
+function mergeScriptEntries(pageAssets, viteDevScript) {
     const scriptEntries = pageAssets.filter((pageAsset) => pageAsset.isEntry && pageAsset.assetType === 'script');
-    let scriptEntry = `${viteDevScript}${scriptEntries.map((asset) => inferAssetTag(asset, pageContext)).join('')}`;
+    let scriptEntry = `${viteDevScript}${scriptEntries.map((asset) => inferAssetTag(asset)).join('')}`;
     // We merge scripts to avoid the infamous HMR preamble error.
     // - Infamous HMR preamble error:
     //   ```browser-console
@@ -179,13 +178,12 @@ function mergeScriptEntries(pageAssets, viteDevScript, pageContext) {
     //   ```
     // - Maybe an alternative would be to make Vike's client runtime entry <script> tag non-async. Would that work? Would it be a performance issue?
     //   - The entry <script> shouldn't be `<script defer>` upon HTML streaming, otherwise progressive hydration while SSR streaming won't work.
-    scriptEntry = mergeScriptTags(scriptEntry, pageContext);
+    scriptEntry = mergeScriptTags(scriptEntry);
     return scriptEntry;
 }
 function getPageContextJsonScriptTag(pageContext) {
     const pageContextClientSerialized = sanitizeJson(getPageContextClientSerialized(pageContext, true));
-    const nonceAttr = inferNonceAttr(pageContext);
-    const htmlTag = `<script id="${htmlElementId_pageContext}" type="application/json"${nonceAttr}>${pageContextClientSerialized}</script>`;
+    const htmlTag = `<script id="${htmlElementId_pageContext}" type="application/json">${pageContextClientSerialized}</script>`;
     // Used by contra.com https://github.com/gajus
     // @ts-expect-error
     pageContext._pageContextHtmlTag = htmlTag;
@@ -193,8 +191,7 @@ function getPageContextJsonScriptTag(pageContext) {
 }
 function getGlobalContextJsonScriptTag(pageContext) {
     const globalContextClientSerialized = sanitizeJson(getGlobalContextClientSerialized(pageContext, true));
-    const nonceAttr = inferNonceAttr(pageContext);
-    const htmlTag = `<script id="${htmlElementId_globalContext}" type="application/json"${nonceAttr}>${globalContextClientSerialized}</script>`;
+    const htmlTag = `<script id="${htmlElementId_globalContext}" type="application/json">${globalContextClientSerialized}</script>`;
     return htmlTag;
 }
 function assertInjectFilterEntries(injectFilterEntries) {

package/dist/esm/node/runtime/html/injectAssets/inferHtmlTags.d.ts

@@ -3,8 +3,7 @@ export { inferPreloadTag };
 export { inferEarlyHintLink };
 export { scriptAttrs };
 import type { PageAsset } from '../../renderPage/getPageAssets.js';
-import { type PageContextCspNonce } from '../../csp.js';
 declare const scriptAttrs = "type=\"module\" async";
 declare function inferPreloadTag(pageAsset: PageAsset): string;
-declare function inferAssetTag(pageAsset: PageAsset, pageContext: PageContextCspNonce): string;
+declare function inferAssetTag(pageAsset: PageAsset): string;
 declare function inferEarlyHintLink(pageAsset: PageAsset): string;

package/dist/esm/node/runtime/html/injectAssets/inferHtmlTags.js

@@ -3,8 +3,6 @@ export { inferPreloadTag };
 export { inferEarlyHintLink };
 export { scriptAttrs };
 import { assert } from '../../utils.js';
-import { inferNonceAttr } from '../../csp.js';
-// TODO/now rename scriptAttrs scriptCommonAttrs
 // We can't use `defer` here. With `defer`, the entry script won't start before `</body>` has been parsed, preventing progressive hydration during SSR streaming, see https://github.com/vikejs/vike/pull/1271
 const scriptAttrs = 'type="module" async';
 function inferPreloadTag(pageAsset) {
@@ -22,12 +20,11 @@ function inferPreloadTag(pageAsset) {
         .join(' ');
     return `<link ${attributes}>`;
 }
-function inferAssetTag(pageAsset, pageContext) {
+function inferAssetTag(pageAsset) {
     const { src, assetType, mediaType } = pageAsset;
     if (assetType === 'script') {
         assert(mediaType === 'text/javascript');
-        const nonceAttr = inferNonceAttr(pageContext);
-        return `<script src="${src}" ${scriptAttrs}${nonceAttr}></script>`;
+        return `<script src="${src}" ${scriptAttrs}></script>`;
     }
     if (assetType === 'style') {
         // WARNING: if changing following line, then also update https://github.com/vikejs/vike/blob/fae90a15d88e5e87ca9fcbb54cf2dc8773d2f229/vike/client/shared/removeFoucBuster.ts#L29

package/dist/esm/node/runtime/html/injectAssets/mergeScriptTags.d.ts

@@ -1,3 +1,2 @@
 export { mergeScriptTags };
-import { type PageContextCspNonce } from '../../csp.js';
-declare function mergeScriptTags(scriptTagsHtml: string, pageContext: PageContextCspNonce): string;
+declare function mergeScriptTags(scriptTagsHtml: string): string;

package/dist/esm/node/runtime/html/injectAssets/mergeScriptTags.js

@@ -1,11 +1,10 @@
 export { mergeScriptTags };
-import { inferNonceAttr } from '../../csp.js';
 import { assert } from '../../utils.js';
 import { scriptAttrs } from './inferHtmlTags.js';
 const scriptRE = /(<script\b(?:\s[^>]*>|>))(.*?)<\/script>/gims;
 const srcRE = /\bsrc\s*=\s*(?:"([^"]+)"|'([^']+)'|([^\s'">]+))/im;
 const typeRE = /\btype\s*=\s*(?:"([^"]+)"|'([^']+)'|([^\s'">]+))/im;
-function mergeScriptTags(scriptTagsHtml, pageContext) {
+function mergeScriptTags(scriptTagsHtml) {
     let scriptTag = '';
     const scripts = parseScripts(scriptTagsHtml);
     // We need to merge module scripts to ensure execution order
@@ -34,8 +33,7 @@ function mergeScriptTags(scriptTagsHtml, pageContext) {
                 }
             });
             if (contents.length > 0) {
-                const nonceAttr = inferNonceAttr(pageContext);
-                scriptTag += `<script ${scriptAttrs}${nonceAttr}>\n${contents.join('\n')}\n</script>`;
+                scriptTag += `<script ${scriptAttrs}>\n${contents.join('\n')}\n</script>`;
             }
         }
     }

package/dist/esm/node/runtime/html/serializeContext.d.ts

@@ -8,7 +8,6 @@ import type { UrlRedirect } from '../../../shared/route/abort.js';
 import type { GlobalContextServerInternal } from '../globalContext.js';
 import type { PageContextCreated } from '../renderPage/createPageContextServerSide.js';
 import type { PageContextBegin } from '../renderPage.js';
-import type { PageContextCspNonce } from '../csp.js';
 type PageContextSerialization = PageContextCreated & {
     pageId: string;
     routeParams: Record<string, string>;
@@ -18,7 +17,7 @@ type PageContextSerialization = PageContextCreated & {
     _pageContextInit: Record<string, unknown>;
     _globalContext: GlobalContextServerInternal;
     _isPageContextJsonRequest: null | PageContextBegin['_isPageContextJsonRequest'];
-} & PageContextCspNonce;
+};
 declare function getPageContextClientSerialized(pageContext: PageContextSerialization, isHtmlJsonScript: boolean): string;
 declare function getGlobalContextClientSerialized(pageContext: PageContextSerialization, isHtmlJsonScript: boolean): string;
 type PassToClient = string[];

package/dist/esm/node/runtime/renderPage/loadPageConfigsLazyServerSide.d.ts

@@ -111,8 +111,6 @@ declare function loadPageConfigsLazyServerSide(pageContext: PageContext_loadPage
     _pageConfig: null | PageConfigRuntime;
 } & VikeConfigPublicPageLazyLoaded & {
     _pageConfig: null | PageConfigRuntime;
-} & {
-    cspNonce: string;
 } & {
     Page: unknown;
     _isHtmlOnly: boolean;

package/dist/esm/node/runtime/renderPage/loadPageConfigsLazyServerSide.js

@@ -9,7 +9,6 @@ import { analyzePage } from './analyzePage.js';
 import { loadAndParseVirtualFilePageEntry } from '../../../shared/page-configs/loadAndParseVirtualFilePageEntry.js';
 import { execHookServer } from './execHookServer.js';
 import { getCacheControl } from './getCacheControl.js';
-import { addCspHeader, resolvePageContextCspNone } from '../csp.js';
 async function loadPageConfigsLazyServerSide(pageContext) {
     objectAssign(pageContext, {
         _pageConfig: findPageConfig(pageContext._globalContext._pageConfigs, pageContext.pageId),
@@ -54,7 +53,6 @@ async function resolvePageContext(pageContext) {
             passToClient.push(...valS);
         });
     }
-    objectAssign(pageContext, await resolvePageContextCspNone(pageContext));
     objectAssign(pageContext, {
         Page: pageContext.exports.Page,
         _isHtmlOnly: isHtmlOnly,
@@ -125,7 +123,6 @@ async function loadPageUserFiles_v1Design(pageContext) {
         pageFilesLoaded: pageFilesServerSide,
     };
 }
-// TODO/now: move all response headers code to headersResponse.ts
 function resolveHeadersResponse(pageContext) {
     const headersResponse = mergeHeaders(pageContext.config.headersResponse);
     if (!headersResponse.get('Cache-Control')) {
@@ -133,7 +130,6 @@ function resolveHeadersResponse(pageContext) {
         if (cacheControl)
             headersResponse.set('Cache-Control', cacheControl);
     }
-    addCspHeader(pageContext, headersResponse);
     return headersResponse;
 }
 function mergeHeaders(headersList = []) {

package/dist/esm/node/runtime/renderPage/renderPageAfterRoute.d.ts

@@ -127,8 +127,6 @@ declare function prerenderPage(pageContext: PageContextCreated & PageConfigsLazy
         _pageConfig: null | import("../../../types/PageConfig.js").PageConfigRuntime;
     } & import("../../../shared/getPageFiles.js").VikeConfigPublicPageLazyLoaded & {
         _pageConfig: null | import("../../../types/PageConfig.js").PageConfigRuntime;
-    } & {
-        cspNonce: string;
     } & {
         Page: unknown;
         _isHtmlOnly: boolean;
@@ -248,8 +246,6 @@ declare function prerenderPage(pageContext: PageContextCreated & PageConfigsLazy
         _pageConfig: null | import("../../../types/PageConfig.js").PageConfigRuntime;
     } & import("../../../shared/getPageFiles.js").VikeConfigPublicPageLazyLoaded & {
         _pageConfig: null | import("../../../types/PageConfig.js").PageConfigRuntime;
-    } & {
-        cspNonce: string;
     } & {
         Page: unknown;
         _isHtmlOnly: boolean;

package/dist/esm/node/vite/shared/resolveVikeConfigInternal/configDefinitionsBuiltIn.js

@@ -171,9 +171,6 @@ const configDefinitionsBuiltIn = {
         env: { config: true },
         global: true,
     },
-    csp: {
-        env: { server: true },
-    },
     injectScriptsAt: {
         env: { server: true },
     },

package/dist/esm/shared/page-configs/resolveVikeConfigPublic.js

@@ -1,9 +1,8 @@
-// TODO/now: rename PageConfig names
+// TO-DO/soon: rename PageConfig names
 // - Use `Internal` suffix, i.e. {Page,Global}ConfigInternal
 //   - While keeping {Page,Global}ConfigPublic or remove Public suffix and rename it to {Page,Global}Config ?
 // - rename EagerLoaded EagerlyLoaded
 // - remove `LazyLoaded` suffix
-// TODO/now: rename VikeConfigPublicPageLazyLoaded PageContextSomething (for `pageContext: PageContextSomething` usage)
 // TO-DO/soon/same-api: use public API internally?
 // TO-DO/soon/flat-pageContext: rename definedAt => definedBy
 export { resolveVikeConfigPublicGlobal };

package/dist/esm/types/Config.d.ts

@@ -468,14 +468,6 @@ type ConfigBuiltIn = {
      * https://vike.dev/mode
      */
     mode?: string;
-    /**
-     * Content Security Policy (CSP).
-     *
-     * https://vike.dev/csp
-     */
-    csp?: {
-        nonce: boolean | ((pageContext: PageContextServer) => string | Promise<string>);
-    };
     /** Where scripts are injected in the HTML.
      *
      * https://vike.dev/injectScriptsAt

package/dist/esm/types/PageContext.d.ts

@@ -183,12 +183,6 @@ type PageContextBuiltInServer<Data> = PageContextBuiltInCommon<Data> & PageConte
      * https://vike.dev/pageContext#globalContext
      */
     globalContext: GlobalContextServer;
-    /**
-     * The CSP nonce.
-     *
-     * https://vike.dev/csp
-     */
-    cspNonce?: string;
     isHydration?: undefined;
     isBackwardNavigation?: undefined;
     previousPageContext?: undefined;

package/dist/esm/utils/PROJECT_VERSION.d.ts

@@ -1 +1 @@
-export declare const PROJECT_VERSION: "0.4.238-commit-5762291";
+export declare const PROJECT_VERSION: "0.4.238";

package/dist/esm/utils/PROJECT_VERSION.js

@@ -1,2 +1,2 @@
 // Automatically updated by @brillout/release-me
-export const PROJECT_VERSION = '0.4.238-commit-5762291';
+export const PROJECT_VERSION = '0.4.238';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vike",
-  "version": "0.4.238-commit-5762291",
+  "version": "0.4.238",
   "repository": "https://github.com/vikejs/vike",
   "exports": {
     "./server": {

package/dist/cjs/node/runtime/csp.js

@@ -1,46 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.resolvePageContextCspNone = resolvePageContextCspNone;
-exports.inferNonceAttr = inferNonceAttr;
-exports.addCspHeader = addCspHeader;
-const import_1 = require("@brillout/import");
-async function resolvePageContextCspNone(pageContext) {
-    if (pageContext.cspNonce)
-        return; // already set by user e.g. `renderPage({ cspNonce: '123456789' })`
-    const { csp } = pageContext.config;
-    if (!csp?.nonce)
-        return;
-    let cspNonce;
-    if (csp.nonce === true) {
-        cspNonce = await generateNonce();
-    }
-    else {
-        cspNonce = await csp.nonce(pageContext);
-    }
-    const pageContextAddendum = { cspNonce };
-    return pageContextAddendum;
-}
-// Generate a cryptographically secure nonce for Content Security Policy (CSP).
-// Returns a base64url-encoded nonce string (URL-safe, no padding).
-// https://github.com/vikejs/vike/issues/1554#issuecomment-3181128304
-async function generateNonce() {
-    let cryptoModule;
-    try {
-        cryptoModule = (await (0, import_1.import_)('crypto')).default;
-    }
-    catch {
-        return Math.random().toString(36).substring(2, 18);
-    }
-    return cryptoModule.randomBytes(16).toString('base64url');
-}
-function inferNonceAttr(pageContext) {
-    const nonceAttr = pageContext.cspNonce ? ` nonce="${pageContext.cspNonce}"` : '';
-    return nonceAttr;
-}
-function addCspHeader(pageContext, headersResponse) {
-    if (!pageContext.cspNonce)
-        return;
-    if (headersResponse.get('Content-Security-Policy'))
-        return;
-    headersResponse.set('Content-Security-Policy', `script-src 'self' 'nonce-${pageContext.cspNonce}'`);
-}

package/dist/esm/node/runtime/csp.d.ts

@@ -1,12 +0,0 @@
-export { resolvePageContextCspNone };
-export { inferNonceAttr };
-export { addCspHeader };
-export type { PageContextCspNonce };
-import type { VikeConfigPublicPageLazyLoaded } from '../../shared/getPageFiles.js';
-import type { PageContextServer } from '../../types/PageContext.js';
-declare function resolvePageContextCspNone(pageContext: VikeConfigPublicPageLazyLoaded & PageContextCspNonce): Promise<{
-    cspNonce: string;
-} | undefined>;
-type PageContextCspNonce = Pick<PageContextServer, 'cspNonce'>;
-declare function inferNonceAttr(pageContext: PageContextCspNonce): string;
-declare function addCspHeader(pageContext: PageContextCspNonce, headersResponse: Headers): void;

package/dist/esm/node/runtime/csp.js

@@ -1,44 +0,0 @@
-export { resolvePageContextCspNone };
-export { inferNonceAttr };
-export { addCspHeader };
-import { import_ } from '@brillout/import';
-async function resolvePageContextCspNone(pageContext) {
-    if (pageContext.cspNonce)
-        return; // already set by user e.g. `renderPage({ cspNonce: '123456789' })`
-    const { csp } = pageContext.config;
-    if (!csp?.nonce)
-        return;
-    let cspNonce;
-    if (csp.nonce === true) {
-        cspNonce = await generateNonce();
-    }
-    else {
-        cspNonce = await csp.nonce(pageContext);
-    }
-    const pageContextAddendum = { cspNonce };
-    return pageContextAddendum;
-}
-// Generate a cryptographically secure nonce for Content Security Policy (CSP).
-// Returns a base64url-encoded nonce string (URL-safe, no padding).
-// https://github.com/vikejs/vike/issues/1554#issuecomment-3181128304
-async function generateNonce() {
-    let cryptoModule;
-    try {
-        cryptoModule = (await import_('crypto')).default;
-    }
-    catch {
-        return Math.random().toString(36).substring(2, 18);
-    }
-    return cryptoModule.randomBytes(16).toString('base64url');
-}
-function inferNonceAttr(pageContext) {
-    const nonceAttr = pageContext.cspNonce ? ` nonce="${pageContext.cspNonce}"` : '';
-    return nonceAttr;
-}
-function addCspHeader(pageContext, headersResponse) {
-    if (!pageContext.cspNonce)
-        return;
-    if (headersResponse.get('Content-Security-Policy'))
-        return;
-    headersResponse.set('Content-Security-Policy', `script-src 'self' 'nonce-${pageContext.cspNonce}'`);
-}