Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

✨ new csp middleware with full typing+IntelliSense and versatile getCspInitialProps #36

Merged
merged 7 commits into from
Jul 6, 2022
Merged

✨ new csp middleware with full typing+IntelliSense and versatile getCspInitialProps #36

merged 7 commits into from
Jul 6, 2022

Commits on Jul 6, 2022

  1. feat(middleware): ✨ new csp middleware + full IntelliSense for CSPs 

    feat: improve interfaces + strong typing for CSP directives
- typing borrowed from SvelteKit integration,
- auto-handling of annoying single quotes with some literal values
- support for boolean directives that don't need any values
- uaParser passed to config intializer for convenience
- provide extensive JSDoc inline docs

feat: new `csp` middleware to replace CSP config from next-safe
- uses new strong typing and agrees more with the design of this lib

feat: reporting endpoint can take multiple reporters + Sentry reporting helper

fix: base64 encode nonce
- to meet all requirement as stated in https://web.dev/strict-csp/#generate-a-nonce-for-csp

fix: no need to subsitute relative paths in reporting
- violations will also be reported to endpoints with realtive paths
    @nibtime
    nibtime committed Jul 6, 2022
    Configuration menu
    Copy the full SHA
    7cc0efa View commit details
    Browse the repository at this point in the history

  2. feat(document): ✨ new configurable getCspInitialProps 

    is more versatile towards different use cases and setups now.

- inline style trustification opt-in
- option to pass raw css text to hash for CSP
- enhance App option so nonce can be passed to _app.js for Providers
- script trustification opt-out

fix: load `initialProps.html` with cheerio in fragment mode
- to avoid multiple <html> tags in prerendered HTML
    @nibtime
    nibtime committed Jul 6, 2022
    Configuration menu
    Copy the full SHA
    4e1baea View commit details
    Browse the repository at this point in the history

  3. build(e2e): upgrade to Tailwind 3, add Mantine 

    add @mantine/core (and 2 others)
update @tailwindcss/typography to ^0.5.2 (and 2 others)
add tabler-icons-react
    @nibtime
    nibtime committed Jul 6, 2022
    Configuration menu
    Copy the full SHA
    c86ae87 View commit details
    Browse the repository at this point in the history

  4. feat(e2e): use package updates + extensive setup with Mantine 

    as requested in #34

good opportunity to test the lib with another great UI framework
and CSS-in-JS lib
    @nibtime
    nibtime committed Jul 6, 2022
    Configuration menu
    Copy the full SHA
    c1a975a View commit details
    Browse the repository at this point in the history

  5. docs: new README, LICENSE and CONTRIBUTING

    @nibtime
    nibtime committed Jul 6, 2022
    Configuration menu
    Copy the full SHA
    ecbf79a View commit details
    Browse the repository at this point in the history

  6. chore(changesets): ➕ add

    @nibtime
    nibtime committed Jul 6, 2022
    Configuration menu
    Copy the full SHA
    8160691 View commit details
    Browse the repository at this point in the history

  7. test(e2e): 🐛 adapt heading test to updated content

    @nibtime
    nibtime committed Jul 6, 2022
    Configuration menu
    Copy the full SHA
    b6e66fd View commit details
    Browse the repository at this point in the history