nuxt
fix(NuxtImg): add image onerror handler in internal script to avoid s…
…cript-src-attr CSP violation
🔗 Linked issue
Resolves #1011
❓ Type of change
- [ ] 📖 Documentation (updates to the documentation or readme)
- [ ] 🐞 Bug fix (a non-breaking change that fixes an issue)
- [x ] 👌 Enhancement (improving an existing functionality)
- [ ] ✨ New feature (a non-breaking change that adds functionality)
- [ ] 🧹 Chore (updates to the build process or auxiliary tools and libraries)
- [ ] ⚠️ Breaking change (fix or feature that would cause existing functionality to change)
📚 Description
The CSP header "script-src-attr" prevents inline javascript from executing when the header's value is set to 'none'. By adding the error event handler in the onMounted hook, it becomes easier for Nuxt Security to add a hash to the script and allow the error handler to execute.
@bobeatspie is attempting to deploy a commit to the NuxtLabs Team on Vercel.
A member of the Team first needs to authorize it.
![vercel[bot] avatar](https://avatars.githubusercontent.com/in/8329?v=4 "Published by a pub.dev verified publisher"){kind=small}
![pkg-pr-new[bot] avatar](https://avatars.githubusercontent.com/in/882742?v=4 "Published by a pub.dev verified publisher"){kind=small}
the purpose of the inline js is to capture errors that occur before vue has hydrated the page
we might also be able to add a script in <head> that adds an event listener for image load events....
I've marked as draft for my own triage - feel free to unmark whenever it's ready for review.
