nuxt-security
nuxt-security copied to clipboard
Baroshem
fix(csp): ensure charset meta at top of head
Closes #444
Types of changes
- [x] Bug fix (a non-breaking change which fixes an issue)
- [ ] New feature (a non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to change)
Description
Currently we insert the CSP meta tag as the first element, to make sure it is read by the UA as soon as possible.
However the W3C spec for HTML5 mentions that the charset meta tag should be the first in head
This PR ensures that the CSP meta tag is inserted right after the charset meta tag, if it exists.
Checklist:
- [ ] My change requires a change to the documentation.
- [ ] I have updated the documentation accordingly.
- [x] I have added tests to cover my changes (if not applicable, please state why)
The latest updates on your projects. Learn more about Vercel for Git ↗︎
| Name | Status | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| nuxt-security | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | May 10, 2024 1:52pm |
![vercel[bot] avatar](https://avatars.githubusercontent.com/in/8329?v=4 "Published by a pub.dev verified publisher"){kind=small}
I'm closing #445 in favour of this version, which is v2-compatible
- uses the recombineHtml step to generate
metainstead of the spSsgHashes step - uses regex instead of cheerio, in anticipation of completely dropping cheerio in v2
