Skip to content

Navigation Menu

Sign in

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

feat(useStyleTag): support passing nonce #4749

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
May 14, 2025
Merged

feat(useStyleTag): support passing nonce #4749

merged 4 commits into from
May 14, 2025

Conversation

1-dilikelei
Copy link
Contributor

Before submitting the PR, please make sure you do the following

  • Read the Contributing Guidelines.
  • Read the Pull Request Guidelines.
  • Check that there isn't already a PR that solves the problem the same way to avoid creating a duplicate.
  • Provide a description in this PR that addresses what the PR is solving, or reference the issue that it solves (e.g. fixes #123).
  • Ideally, include relevant tests that fail without this PR but pass with it.
⚠️ Slowing down new functions

Warning: Slowing down new functions

As the VueUse audience continues to grow, we have been inundated with an overwhelming number of feature requests and pull requests. As a result, maintaining the project has become increasingly challenging and has stretched our capacity to its limits. As such, in the near future, we may need to slow down our acceptance of new features and prioritize the stability and quality of existing functions. Please note that new features for VueUse may not be accepted at this time. If you have any new ideas, we suggest that you first incorporate them into your own codebase, iterate on them to suit your needs, and assess their generalizability. If you strongly believe that your ideas are beneficial to the community, you may submit a pull request along with your use cases, and we would be happy to review and discuss them. Thank you for your understanding.

Description

#4741 Bypass the strict Content Security Policy (CSP) using nonce

// Example of CSP header
Content-Security-Policy: style-src 'self' 'nonce-EDNnf03nceIOfn39fn3e9h3sdfa';

// Pass in the nonce when using it
useStyleTag(css, {
nonce: 'EDNnf03nceIOfn39fn3e9h3sdfa'
})

Additional context

@dosubot dosubot bot added the size:XS This PR changes 0-9 lines, ignoring generated files. label May 13, 2025
@OrbisK OrbisK changed the title fix(useStyleTag):Bypass the strict Content Security Policy (CSP) using nonce fix(useStyleTag): bypass the strict Content Security Policy (CSP) using nonce May 13, 2025
OrbisK
OrbisK requested changes May 13, 2025
View reviewed changes
packages/core/useStyleTag/index.ts Outdated
@@ -53,7 +53,7 @@ let _id = 0
*/
export function useStyleTag(
css: MaybeRef<string>,
options: UseStyleTagOptions = {},
options: UseStyleTagOptions & { nonce?: string } = {},
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should add this here:

vueuse/packages/core/useScriptTag/index.ts

Lines 8 to 48 in 92d855e

export interface UseScriptTagOptions extends ConfigurableDocument {
/**
* Load the script immediately
*
* @default true
*/
immediate?: boolean
/**
* Add `async` attribute to the script tag
*
* @default true
*/
async?: boolean
/**
* Script type
*
* @default 'text/javascript'
*/
type?: string
/**
* Manual controls the timing of loading and unloading
*
* @default false
*/
manual?: boolean
crossOrigin?: 'anonymous' | 'use-credentials'
referrerPolicy?: 'no-referrer' | 'no-referrer-when-downgrade' | 'origin' | 'origin-when-cross-origin' | 'same-origin' | 'strict-origin' | 'strict-origin-when-cross-origin' | 'unsafe-url'
noModule?: boolean
defer?: boolean
/**
* Add custom attribute to the script tag
*
*/
attrs?: Record<string, string>
}

with proper docstring

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, I will write the type in the location you mentioned.

ferferga
ferferga requested changes May 13, 2025
View reviewed changes
packages/core/useStyleTag/index.ts Outdated Show resolved Hide resolved
@antfu antfu changed the title fix(useStyleTag): bypass the strict Content Security Policy (CSP) using nonce feat(useStyleTag): support passing nonce May 14, 2025
@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label May 14, 2025
@antfu antfu enabled auto-merge May 14, 2025 04:39
@antfu antfu disabled auto-merge May 14, 2025 05:15
@antfu antfu merged commit fa2c00a into vueuse:main May 14, 2025
8 checks passed
@ilyaliao ilyaliao mentioned this pull request May 14, 2025
Closed
7 tasks
This was referenced May 14, 2025
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ferferga ferferga ferferga requested changes

@OrbisK OrbisK OrbisK requested changes

@antfu antfu antfu approved these changes

Assignees
No one assigned
Labels
lgtm This PR has been approved by a maintainer size:XS This PR changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@1-dilikelei @ferferga @antfu @OrbisK
Morty Proxy This is a proxified and sanitized view of the page, visit original site.