Content-Security-Policy is the name of an HTTP response header that modern browsers use to enhance the security of the document (or web page). The Content-Security-Policy header allows you to restrict how the browser loads resources such as JavaScript, CSS, or pretty much anything else.
If I am not mistaken, the only way to make the CSS output of nuxt-buefy currently work with a CSP setup would be through the 'unsafe-inline' setting. I see two ways to enhance security here:
1. Transfer the CSS output to a separate file.
2. Add the hash of the inline style to the HTTP response header.
Regarding 2, I'm a bit clueless if that would be done in nuxt-buefy or via Webpack or in Nuxt itself somehow.
Does any of that make sense?
@stieben @kikuomax Not to me. This flew right over my head 😂 But with some digging and help I'm sure I could make sense of this issue. Security is Key. I will be investigating this further. Feel free to reach out to me on the Buefy official discord. Thanks!
Adding a vote for this for Buefy v2: the fontawesome css dependency was flagged in a recent security scan of our app because of the lack of the integrity attribute in the style tag.