Skip to content

CSP Plugin doesn't put the nonce value into CSP meta tag on Windows #93

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
5 of 9 tasks
LightwithoutLisonlyight opened this issue May 25, 2021 · 2 comments
Closed
5 of 9 tasks

CSP Plugin doesn't put the nonce value into CSP meta tag on Windows #93

LightwithoutLisonlyight opened this issue May 25, 2021 · 2 comments

Comments

@LightwithoutLisonlyight
Copy link

Description

Describe your issue here.

What type of issue is this? (place an x in one of the [ ])

  • bug
  • enhancement (feature request)
  • question
  • documentation related
  • testing related
  • discussion

Requirements (place an x in each of the [ ])

  • I've read and understood the Contributing guidelines and have done my best effort to follow them.
  • I've read and agree to the Code of Conduct.
  • I've searched for any related issues and avoided creating a duplicate issue.

Bug Report

If i use this CSP configuration on Mac

new CspHtmlWebpackPlugin(
      {
        'script-src': ['\'strict-dynamic\''],
        'style-src': ['\'self\''],
        'frame-src': ['\'none\''],
        'worker-src': ['\'none\'']
      },
      {
        enabled: true,
        hashingMethod: 'sha512',
        hashEnabled: {
          'script-src': true,
          'style-src': true
        },
        nonceEnabled: {
          'script-src': true,
          'style-src': true,
        },
      }

But if i run the same on windows pc nonces doesn't will be added to content property of CSP's meta tag

<!DOCTYPE html>
 <html>
  <head>
     <meta http-equiv="Content-Security-Policy" content="base-uri 'self'; object-src 'none'; script-src 'nonce-gn67IhFu2jJyrwY+PMSeUA==' 'strict-dynamic'; style-src 'self' 'nonce-y3gcK9oDtWf74QiBnf2rSA=='; frame-src 'none'; worker-src 'none'">
 <meta charset="UTF-8">
 <title>Title</title>
 <script defer="defer" src="static/js/main.ba2c44d7bc58ccf6207d.bundle.js" nonce="gn67IhFu2jJyrwY+PMSeUA=="> </script>
  <link href="static/css/main.6ec92936e5acaa7eae9f.bundle.css" rel="stylesheet" nonce="y3gcK9oDtWf74QiBnf2rSA==">  
 </head>
 <body>
  <div id="root"></div>
 </body>
</html>

Reproducible in:

slackhq/csp-html-webpack-plugin version: ^5.1.0

node version:I'm using electron with node v12, but i've installed the latest LTS version

OS version(s):10.0.19041

Steps to reproduce:

1.Use my configuration on both OS
2.
3.

Expected result:

What you expected to happen: the same that happen on Mac
@b-maslennikov
Copy link

Confirming

@b-maslennikov
Copy link

Fixed this by updating node from 14.16.0 to 14.17.0 ¯_(ツ)_/¯

@tupton tupton mentioned this issue May 24, 2022
Open
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@AnujRNair @b-maslennikov @LightwithoutLisonlyight