Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(@angular/build): add CSP nonce attribute to script tags when inline critical CSS is disabled #28114

Merged
merged 1 commit into from
Jul 29, 2024
Merged

fix(@angular/build): add CSP nonce attribute to script tags when inline critical CSS is disabled #28114

merged 1 commit into from
Jul 29, 2024

Conversation

alan-agius4
Copy link
Collaborator

Prior to this change when inline critical CSS is disabled CSP nonce was not added to script tags.

Closes #28102

@alan-agius4 alan-agius4 added the target: patch This PR is targeted for the next patch release label Jul 26, 2024
@alan-agius4 alan-agius4 requested a review from clydin July 26, 2024 08:02
@alan-agius4 alan-agius4 added the action: review The PR is still awaiting reviews from at least one requested reviewer label Jul 26, 2024
@alan-agius4 alan-agius4 requested review from dgp1130 and removed request for clydin July 26, 2024 08:03
dgp1130
dgp1130 approved these changes Jul 26, 2024
View reviewed changes
Copy link
Collaborator

@dgp1130 dgp1130 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any easy opportunity for a test to ensure that the nonce is set in this scenario?

@alan-agius4
fix(@angular/build): add CSP nonce attribute to script tags when in…
d80e4c2 
…line critical CSS is disabled

Prior to this change when inline critical CSS is disabled CSP `nonce` was not added to script tags.

Closes angular#28102
@alan-agius4 alan-agius4 added action: merge The PR is ready for merge by the caretaker and removed action: review The PR is still awaiting reviews from at least one requested reviewer labels Jul 29, 2024
@alan-agius4 alan-agius4 merged commit 636cb69 into angular:main Jul 29, 2024
30 of 31 checks passed
@alan-agius4 alan-agius4 deleted the csp-nonce branch July 29, 2024 08:30
@alan-agius4
Copy link
Collaborator Author

The changes were merged into the following branches: main, 18.1.x

@angular-automatic-lock-bot
Copy link

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Aug 29, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@dgp1130 dgp1130 dgp1130 approved these changes

Assignees
No one assigned
Labels
action: merge The PR is ready for merge by the caretaker target: patch This PR is targeted for the next patch release
Projects
None yet
Milestone
No milestone
2 participants
@alan-agius4 @dgp1130