Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

@vitejs/plugin-legacy CSP hashes outdated #12112

Closed
1 task done
anderskiaer opened this issue Feb 19, 2023 · 0 comments · Fixed by #12118
Closed
1 task done

@vitejs/plugin-legacy CSP hashes outdated #12112

anderskiaer opened this issue Feb 19, 2023 · 0 comments · Fixed by #12118
Labels
documentation Improvements or additions to documentation

Comments

@anderskiaer
Copy link

anderskiaer commented Feb 19, 2023

Documentation is

  • Outdated

Explain in Detail

The last two hashes listed in https://github.com/vitejs/vite/tree/main/packages/plugin-legacy#content-security-policy, which comes from

- `sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=`
- `sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=`
- `sha256-BoFUHKsYhJ9tbsHugtNQCmnkBbZ11pcW6kZguu+T+EU=`
- `sha256-A18HC3jLpyEc9B8oyxq/NBFCyFBJFSsRLt0gmT9kft8=`
appears to be outdated.

The hashes returned from import { cspHashes } from '@vitejs/plugin-legacy' using v4.0.1:

[
  'MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=',
  'tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=',
  'p7PoC97FO+Lu90RNjGWxhbm13yALSR4xzV8vaDhaQBo=',
  '+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc='
]

Your Suggestion for Changes

  • Update the README.md file in @vitejs/plugin-legacy to have correct hashes.
  • Should there also be added an automatic CI test that e.g. checks that the hashes in cspHashes from @vitejs/plugin-legacy exists in the README.md in order to ensure it does not get outdated again?

Reproduction

No response

Steps to reproduce

No response

@anderskiaer anderskiaer added the documentation Improvements or additions to documentation label Feb 19, 2023
sun0day added a commit to sun0day/vite that referenced this issue Feb 20, 2023
@github-actions github-actions bot locked and limited conversation to collaborators Mar 7, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
documentation Improvements or additions to documentation
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant