nuxt-security icon indicating copy to clipboard operation
nuxt-security copied to clipboard
verified publisher icon Baroshem

fix: devtools being blocked in strict mode

Open dungsil opened this issue 1 year ago • 1 comments

Types of changes

  • [X] Bug fix (a non-breaking change which fixes an issue)
  • [ ] New feature (a non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to change)

Description

Fix devtools being blocked when strict mode is enabled

88dbb4c4f7d10e05a01336d6bf409e1434aaabd5 the existing documentation has been removed, so it should work the same in strict mode as in none-strict mode

ref: #487

Checklist:

  • [ ] My change requires a change to the documentation.
  • [ ] I have updated the documentation accordingly.
  • [ ] I have added tests to cover my changes (if not applicable, please state why)

dungsil avatar Sep 30 '24 10:09 dungsil

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
nuxt-security ✅ Ready (Inspect) Visit Preview 💬 Add feedback Sep 30, 2024 10:31am

vercel[bot] avatar Sep 30 '24 10:09 vercel[bot]

Hey @dungsil

Thanks for this PR. @vejja do you think we could change that to allow DevTools to work in Strict? DevTools will work only in development so the code proposed by @dungsil shouldn't affect the production env in any way.

Baroshem avatar Oct 03 '24 11:10 Baroshem

For strict mode, I think it might be a good idea to provide documentation the same as v1.0. Like adding this to the Advanced > Strict CSP document:

dungsil avatar Oct 07 '24 06:10 dungsil

Hi Yes this change is ok By the way we should probably think about refactoring the Advanced > Strict CSP section because it is now a source of confusion: the strict default config has no relationship with Strict CSP. That section was initially intended as a user guide when we didn't have reasonable defaults that allowed CSP to work in all setups. We have much less issues and questions raised now.

vejja avatar Oct 08 '24 09:10 vejja

Thanks @dungsil @vejja I have merged this PR to 2.1.0 branch that will be used to release a new major version :)

Baroshem avatar Oct 08 '24 09:10 Baroshem

I think major would be a 3.x.x, 2.1.x should be a "feature" level release. This being a fix could've translated into a quick 2.0.1 also 😁

dargmuesli avatar Oct 08 '24 12:10 dargmuesli

I think major would be a 3.x.x, 2.1.x should be a "feature" level release. This being a fix could've translated into a quick 2.0.1 also 😁

Correct, I meant minor 2.1.0. Thanks for correcting! :)

Baroshem avatar Oct 08 '24 13:10 Baroshem