Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: add nonce to configuration #451

Merged
merged 1 commit into from
Sep 8, 2023
Merged

docs: add nonce to configuration #451

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions docs/configuration.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ Partytown does not require a config for it to work, however a config can be set
| `lib` | Path where the Partytown library can be found your server. Note that the path must both start and end with a `/` character, and the files must be hosted from the same origin as the webpage. Default is `/~partytown/` |
| `loadScriptsOnMainThread` | An array of strings used to filter out which script are executed via Partytown and the main thread. An example is as follows: `loadScriptsOnMainThread: ["https://test.com/analytics.js", "inline-script-id"]`.|
| `resolveUrl` | Hook that is called to resolve URLs which can be used to modify URLs. The hook uses the API: `resolveUrl(url: URL, location: URL, method: string)`. See the [Proxying Requests](/proxying-requests) for more information. |
| `nonce` | The nonce property may be set on script elements created by Partytown. This should be set only when dealing with content security policies and when the use of `unsafe-inline` is disabled (using `nonce-*` instead). |

## Vanilla Config

Expand Down
20 changes: 20 additions & 0 deletions src/lib/types.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -498,6 +498,26 @@ export interface PartytownConfig {
* The nonce property may be set on script elements created by Partytown.
* This should be set only when dealing with content security policies
* and when the use of `unsafe-inline` is disabled (using `nonce-*` instead).
*
* Given the following example:
* ```html
* <head>
* <script nonce="THIS_SHOULD_BE_REPLACED">
* partytown = {
* nonce: 'THIS_SHOULD_BE_REPLACED'
* };
* </script>
* </head>
* ```
*
* The `nonce` property should be generated by the server, and it should be unique
* for each request. You can leave a placeholder, as shown in the above example,
* to facilitate replacement through a regular expression on the server side.
* For instance, you can use the following code:
*
* ```js
* html.replace(/THIS_SHOULD_BE_REPLACED/g, nonce);
* ```
*/
nonce?: string;
}
Expand Down