Nonce not applied to deferred scripts on direct page loads #5539
Comments
This may be a duplicate of #5156, but it made no mention of a difference in behaviour between navigating via link and loading the route directly.
This issue has been automatically marked stale because we haven't received a response from the original author in a while 🙈. This automation helps keep the issue tracker clean from issues that are not actionable. Please reach out if you have more information for us or you think this issue shouldn't be closed! 🙂 If you don't do so within 7 days, this issue will be automatically closed.
Still relevant.
This should be fixed by #6389 and available in the next release
🤖 Hello there, We just published version Thanks!
I am still encountering this issue while running Remix in a Hydrogen project. Here's my package.json and my entry.server.tsx
@Mihai-github would you mind opening a new issue with a reproduction?
What version of Remix are you using?
1.13.0
Are all your remix dependencies & dev-dependencies using the same version?
Steps to Reproduce
Reproduction repository: https://github.com/jvanst/remix-nonce-bug
Stackblitz: https://stackblitz.com/edit/remix-nonce-bug
Here is a diff of the changes to the base scaffold: jvanst/remix-nonce-bug@e6dcfd0
responseHeaders.set('Content-Security-Policy', `script-src 'self' 'nonce-${NONCE}';`) in entry.server.tsx
nonce value to renderToPipeableStream() in entry.server.tsx
nonce value to <ScrollRestoration />, <Scripts />, <LiveReload /> inside root.tsx
This is inconsistent because if you load http://localhost:3000 and navigate with a <Link> to the deferred page, no such error occurs.
Our enterprise requires nonces on all inlined scripts so this stops our defer usage until it's resolved 🙂. Hoping I can find time to dig through this one more deeply.
Expected Behavior
Deferred content is loaded with nonce value
Actual Behavior
Throws error:
In production mode the content fails to load.
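A regression check for the behaviour reported in this issue, as an added example that is not part of the original thread or Remix's own code: given a response's Content-Security-Policy header and the rendered HTML, it lists executable inline scripts whose nonce is absent or not listed in script-src. The function names, the sample header, the sample HTML and `resolveChunk` are constructed for illustration.

```javascript
// Added example. The header and HTML are constructed samples, not captured output.
const SAMPLE_CSP = "script-src 'self' 'nonce-abc123';";
const SAMPLE_HTML = `
<script nonce="abc123" src="/build/entry.js"></script>
<script nonce="abc123">window.__ctx = {};</script>
<script type="application/json">{"k":1}</script>
<div id="slow">streamed later</div>
<script>resolveChunk(1)</script>`;

// Collect the nonce values listed in the script-src directive.
function scriptNonces(csp) {
  const directive = csp
    .split(';')
    .map((d) => d.trim().split(/\s+/))
    .find((tokens) => tokens[0].toLowerCase() === 'script-src');
  if (!directive) return new Set();
  return new Set(
    directive
      .slice(1)
      .map((t) => /^'nonce-([A-Za-z0-9+\/_=-]+)'$/.exec(t))
      .filter(Boolean)
      .map((m) => m[1])
  );
}

// Return the start of each executable inline <script> whose nonce attribute
// is missing or is not one of the policy's script-src nonces.
function inlineScriptsMissingNonce(csp, html) {
  const allowed = scriptNonces(csp);
  const missing = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const [, attrs, body] = m;
    if (/\ssrc\s*=/i.test(attrs)) continue; // external script, not an inline one
    const type = /\stype\s*=\s*["']?([^"'\s>]+)/i.exec(attrs);
    const executable = !type || /^(module|text\/javascript|application\/javascript)$/i.test(type[1]);
    if (!executable) continue; // data block such as JSON, never executed
    const nonce = /\snonce\s*=\s*["']([^"']*)["']/i.exec(attrs);
    if (!nonce || !allowed.has(nonce[1])) missing.push(body.trim().slice(0, 40));
  }
  return missing;
}

console.log(inlineScriptsMissingNonce(SAMPLE_CSP, SAMPLE_HTML));
```

Run against the HTML of a direct page load and of a client-side navigation to compare the two cases the issue describes.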