✨ new csp middleware with full typing+IntelliSense and versatile getCspInitialProps #36
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
feat: improve interfaces + strong typing for CSP directives - typing borrowed from SvelteKit integration, - auto-handling of annoying single quotes with some literal values - support for boolean directives that don't need any values - uaParser passed to config intializer for convenience - provide extensive JSDoc inline docs feat: new `csp` middleware to replace CSP config from next-safe - uses new strong typing and agrees more with the design of this lib feat: reporting endpoint can take multiple reporters + Sentry reporting helper fix: base64 encode nonce - to meet all requirement as stated in https://web.dev/strict-csp/#generate-a-nonce-for-csp fix: no need to subsitute relative paths in reporting - violations will also be reported to endpoints with realtive paths
is more versatile towards different use cases and setups now. - inline style trustification opt-in - option to pass raw css text to hash for CSP - enhance App option so nonce can be passed to _app.js for Providers - script trustification opt-out fix: load `initialProps.html` with cheerio in fragment mode - to avoid multiple <html> tags in prerendered HTML
add @mantine/core (and 2 others) update @tailwindcss/typography to ^0.5.2 (and 2 others) add tabler-icons-react
as requested in #34 good opportunity to test the lib with another great UI framework and CSS-in-JS lib
🦋 Changeset detectedLatest commit: b6e66fd The changes in this PR will be included in the next version bump. This PR includes changesets to release 2 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
fixes #29, fixes #31, fixes #28
e2e app with full setup for Mantine/emotion, as requested in #34