opennextjs/opennextjs-netlify

Nonce not automatically set in script tags when using CSP

Opened this issue · 0 comments

It doesn't seem to be documented, but the e2e test and fixture here expects a CSP to be automatically applied to scripts in the head. The docs show manually setting it, but the fixture seems to only set it in the response. Nevertheless, running next start does seem to set it automatically, but when deployed it doesn't. I think this is low priority because it seems to be undocumented behaviour.

Data

The following is parsed automatically by the Next.js repo e2e test report generator.

test case: https://github.com/vercel/next.js/blob/canary/test/e2e/app-dir/app/index.test.ts#L1711
test: test/e2e/app-dir/app/index.test.ts
reason: Nonce not automatically set in script tags when using CSP