Skip to content

feat(csp): customise algorithm#13803

Merged
ematipico merged 10 commits into
feat/cspfrom
feat/csp-configuration
May 15, 2025
Merged

feat(csp): customise algorithm#13803
ematipico merged 10 commits into
feat/cspfrom
feat/csp-configuration

Conversation

@ematipico
Copy link
Copy Markdown
Member

@ematipico ematipico commented May 14, 2025

Changes

This PR implements the csp.algorithm configuration from the RFC: https://github.com/withastro/roadmap/blob/feat/rfc-csp/proposals/0055-csp.md#configuration-apis

The generateDigest function now accepts an algorithm parameter, which is passed down during the rendering phase.

I removed the cspMiddleware. I thought I was going to use it, but it turn out it isn't needed for the time being

Testing

I added two new tests

Docs

@changeset-bot
Copy link
Copy Markdown

changeset-bot Bot commented May 14, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: 0db9a40

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions github-actions Bot added pkg: astro Related to the core `astro` package (scope) docs pr labels May 14, 2025
@ematipico ematipico changed the title chore: build hashes of scripts (#13590) feat(csp): customise algorithm May 14, 2025
@ematipico ematipico mentioned this pull request May 14, 2025
Merged
florian-lefebvre
florian-lefebvre reviewed May 15, 2025
View reviewed changes
Comment thread packages/astro/src/core/build/generate.ts Outdated
Comment thread packages/astro/src/core/csp/common.ts
Comment thread packages/astro/src/core/csp/common.ts Outdated
Comment thread packages/astro/src/core/encryption.ts Outdated
Comment thread packages/astro/src/types/public/config.ts Outdated
Comment thread packages/astro/src/types/public/config.ts Outdated
ematipico and others added 3 commits May 15, 2025 08:29
@ematipico @florian-lefebvre
Update packages/astro/src/core/build/generate.ts
0aae798 
Co-authored-by: Florian Lefebvre <contact@florian-lefebvre.dev>
@ematipico @florian-lefebvre
Update packages/astro/src/core/csp/common.ts
c141545 
Co-authored-by: Florian Lefebvre <contact@florian-lefebvre.dev>
@ematipico
feedback
dde5048
florian-lefebvre
florian-lefebvre reviewed May 15, 2025
View reviewed changes
Comment thread packages/astro/src/core/build/generate.ts Outdated
Comment thread packages/astro/src/core/config/schemas/base.ts Outdated
Comment thread packages/astro/src/core/encryption.ts Outdated
Comment thread packages/astro/src/core/encryption.ts Outdated
Comment thread packages/astro/src/core/render-context.ts Outdated
ematipico and others added 4 commits May 15, 2025 09:14
@ematipico @florian-lefebvre
Update packages/astro/src/core/encryption.ts
a169691 
Co-authored-by: Florian Lefebvre <contact@florian-lefebvre.dev>
@ematipico @florian-lefebvre
Update packages/astro/src/core/encryption.ts
2bccd37 
Co-authored-by: Florian Lefebvre <contact@florian-lefebvre.dev>
@ematipico
feedback
fb93fbf
@ematipico
feedback
d8a6663
ematipico and others added 2 commits May 15, 2025 09:19
@ematipico
address more feedback
0e2e524
@ematipico @florian-lefebvre
Update packages/astro/src/core/csp/common.ts
0db9a40 
Co-authored-by: Florian Lefebvre <contact@florian-lefebvre.dev>
florian-lefebvre
florian-lefebvre approved these changes May 15, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@florian-lefebvre florian-lefebvre left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@ematipico ematipico merged commit 3b00f85 into feat/csp May 15, 2025
15 checks passed
@ematipico ematipico deleted the feat/csp-configuration branch May 15, 2025 09:13
ematipico added a commit that referenced this pull request May 22, 2025
@ematipico @florian-lefebvre
feat(csp): customise algorithm (#13803)
ea6d30d 
Co-authored-by: Florian Lefebvre <contact@florian-lefebvre.dev>
ascorbic added a commit that referenced this pull request Jun 4, 2025
@ematipico @florian-lefebvre
@ascorbic @sarah11918 @ArmandPhilippot
feat: experimental CSP (#13802)
0eafe14 
* chore: build hashes of scripts (#13590)

* chore: build hashes of scripts

* chore: fix changes

* chore: fix changes

* chore: fix changes

* feat(csp): create hashes of tracked scripts and hashes (#13675)

Co-authored-by: florian-lefebvre <69633530+florian-lefebvre@users.noreply.github.com>

* feat(csp): fix CSP header, inject astro island script/style (#13687)

* feat(csp): track client scripts and CSS (#13725)

Co-authored-by: ascorbic <213306+ascorbic@users.noreply.github.com>

* feat(csp): support view transitions (#13738)

Co-authored-by: florian-lefebvre <69633530+florian-lefebvre@users.noreply.github.com>
Co-authored-by: ascorbic <213306+ascorbic@users.noreply.github.com>
fix CSP header, inject astro island script/style (#13687)

* feat(csp): server islands (#13775)

Co-authored-by: florian-lefebvre <69633530+florian-lefebvre@users.noreply.github.com>

* feat(csp): customise algorithm (#13803)

Co-authored-by: Florian Lefebvre <contact@florian-lefebvre.dev>

* chore: build hashes of scripts (#13590) (#13805)

Co-authored-by: Florian Lefebvre <contact@florian-lefebvre.dev>

* feat(csp): allow additional directives (#13810)

Co-authored-by: ascorbic <213306+ascorbic@users.noreply.github.com>
Co-authored-by: florian-lefebvre <69633530+florian-lefebvre@users.noreply.github.com>

* feat(csp): resources for script and styles directives (#13812)

Co-authored-by: ascorbic <213306+ascorbic@users.noreply.github.com>

* feat(csp): runtime APIs (#13824)

Co-authored-by: Matt Kane <m@mk.gg>

* feat(csp): add script-dynamic keyword support (#13834)

* update lockfile

* chore: docs and changeset (#13870)

* chore: add changeset

* grammar

* Apply suggestions from code review

Co-authored-by: Sarah Rainsberger <5098874+sarah11918@users.noreply.github.com>

* Update JSDoc with examples to match docs

* Sarah's changeset edits

* Apply suggestions from code review

Thanks, @ArmandPhilippot

Co-authored-by: Armand Philippot <git@armand.philippot.eu>

* Fix indentation

* Update .changeset/crazy-doors-buy.md

* Apply suggestions from code review

Co-authored-by: Sarah Rainsberger <5098874+sarah11918@users.noreply.github.com>

---------

Co-authored-by: Sarah Rainsberger <5098874+sarah11918@users.noreply.github.com>
Co-authored-by: Matt Kane <m@mk.gg>
Co-authored-by: Armand Philippot <git@armand.philippot.eu>

* Update lockfile

* dedupe deps

* Lock

* Lock

* fix: server islands in mdx

---------

Co-authored-by: florian-lefebvre <69633530+florian-lefebvre@users.noreply.github.com>
Co-authored-by: ascorbic <213306+ascorbic@users.noreply.github.com>
Co-authored-by: Florian Lefebvre <contact@florian-lefebvre.dev>
Co-authored-by: Matt Kane <m@mk.gg>
Co-authored-by: Sarah Rainsberger <5098874+sarah11918@users.noreply.github.com>
Co-authored-by: Armand Philippot <git@armand.philippot.eu>
openscript pushed a commit to openscript/astro that referenced this pull request Sep 12, 2025
@ematipico @florian-lefebvre
@ascorbic @sarah11918 @ArmandPhilippot @openscript
feat: experimental CSP (withastro#13802)
1d9a567 
* chore: build hashes of scripts (withastro#13590)

* chore: build hashes of scripts

* chore: fix changes

* chore: fix changes

* chore: fix changes

* feat(csp): create hashes of tracked scripts and hashes (withastro#13675)

Co-authored-by: florian-lefebvre <69633530+florian-lefebvre@users.noreply.github.com>

* feat(csp): fix CSP header, inject astro island script/style (withastro#13687)

* feat(csp): track client scripts and CSS (withastro#13725)

Co-authored-by: ascorbic <213306+ascorbic@users.noreply.github.com>

* feat(csp): support view transitions (withastro#13738)

Co-authored-by: florian-lefebvre <69633530+florian-lefebvre@users.noreply.github.com>
Co-authored-by: ascorbic <213306+ascorbic@users.noreply.github.com>
fix CSP header, inject astro island script/style (withastro#13687)

* feat(csp): server islands (withastro#13775)

Co-authored-by: florian-lefebvre <69633530+florian-lefebvre@users.noreply.github.com>

* feat(csp): customise algorithm (withastro#13803)

Co-authored-by: Florian Lefebvre <contact@florian-lefebvre.dev>

* chore: build hashes of scripts (withastro#13590) (withastro#13805)

Co-authored-by: Florian Lefebvre <contact@florian-lefebvre.dev>

* feat(csp): allow additional directives (withastro#13810)

Co-authored-by: ascorbic <213306+ascorbic@users.noreply.github.com>
Co-authored-by: florian-lefebvre <69633530+florian-lefebvre@users.noreply.github.com>

* feat(csp): resources for script and styles directives (withastro#13812)

Co-authored-by: ascorbic <213306+ascorbic@users.noreply.github.com>

* feat(csp): runtime APIs (withastro#13824)

Co-authored-by: Matt Kane <m@mk.gg>

* feat(csp): add script-dynamic keyword support (withastro#13834)

* update lockfile

* chore: docs and changeset (withastro#13870)

* chore: add changeset

* grammar

* Apply suggestions from code review

Co-authored-by: Sarah Rainsberger <5098874+sarah11918@users.noreply.github.com>

* Update JSDoc with examples to match docs

* Sarah's changeset edits

* Apply suggestions from code review

Thanks, @ArmandPhilippot

Co-authored-by: Armand Philippot <git@armand.philippot.eu>

* Fix indentation

* Update .changeset/crazy-doors-buy.md

* Apply suggestions from code review

Co-authored-by: Sarah Rainsberger <5098874+sarah11918@users.noreply.github.com>

---------

Co-authored-by: Sarah Rainsberger <5098874+sarah11918@users.noreply.github.com>
Co-authored-by: Matt Kane <m@mk.gg>
Co-authored-by: Armand Philippot <git@armand.philippot.eu>

* Update lockfile

* dedupe deps

* Lock

* Lock

* fix: server islands in mdx

---------

Co-authored-by: florian-lefebvre <69633530+florian-lefebvre@users.noreply.github.com>
Co-authored-by: ascorbic <213306+ascorbic@users.noreply.github.com>
Co-authored-by: Florian Lefebvre <contact@florian-lefebvre.dev>
Co-authored-by: Matt Kane <m@mk.gg>
Co-authored-by: Sarah Rainsberger <5098874+sarah11918@users.noreply.github.com>
Co-authored-by: Armand Philippot <git@armand.philippot.eu>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@florian-lefebvre florian-lefebvre florian-lefebvre approved these changes

Assignees

No one assigned

Labels

docs pr pkg: astro Related to the core `astro` package (scope)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ematipico @florian-lefebvre