chore: build hashes of scripts (#13590)#13805
Merged
Merged
Conversation
|
github-actions
Bot
added
pkg: astro
ematipico
force-pushed
the
feat/csp-external-hashes
branch
from
d7bad7e to
f1c0bfc
Compare
Member
|
There are still conflicts so it doesn't have all the changes from the last PR |
ematipico
force-pushed
the
feat/csp-external-hashes
branch
from
f1c0bfc to
5850fe9
Compare
Member
Author
|
Conflicts resolved @florian-lefebvre, thank you for your patience |
| csp = { | ||
| clientScriptHashes: [], | ||
| clientStyleHashes: [], | ||
| clientScriptHashes: getScriptHashes(settings.config), |
Member
There was a problem hiding this comment.
Semi related to this PR: why aren't you calling trackStyleHashes/trackScriptHashes?
Member
Author
There was a problem hiding this comment.
They are meant to be called during the build. They accept BuildInternals, which is a type that we populate during the build. The development server doesn't have such things.
florian-lefebvre
approved these changes
May 15, 2025
Member
|
@ematipico done! I also added type tests |
ematipico
added a commit
that referenced
this pull request
May 22, 2025
ascorbic
added a commit
that referenced
this pull request
Jun 4, 2025
* chore: build hashes of scripts (#13590) * chore: build hashes of scripts * chore: fix changes * chore: fix changes * chore: fix changes * feat(csp): create hashes of tracked scripts and hashes (#13675) Co-authored-by: florian-lefebvre <69633530+florian-lefebvre@users.noreply.github.com> * feat(csp): fix CSP header, inject astro island script/style (#13687) * feat(csp): track client scripts and CSS (#13725) Co-authored-by: ascorbic <213306+ascorbic@users.noreply.github.com> * feat(csp): support view transitions (#13738) Co-authored-by: florian-lefebvre <69633530+florian-lefebvre@users.noreply.github.com> Co-authored-by: ascorbic <213306+ascorbic@users.noreply.github.com> fix CSP header, inject astro island script/style (#13687) * feat(csp): server islands (#13775) Co-authored-by: florian-lefebvre <69633530+florian-lefebvre@users.noreply.github.com> * feat(csp): customise algorithm (#13803) Co-authored-by: Florian Lefebvre <contact@florian-lefebvre.dev> * chore: build hashes of scripts (#13590) (#13805) Co-authored-by: Florian Lefebvre <contact@florian-lefebvre.dev> * feat(csp): allow additional directives (#13810) Co-authored-by: ascorbic <213306+ascorbic@users.noreply.github.com> Co-authored-by: florian-lefebvre <69633530+florian-lefebvre@users.noreply.github.com> * feat(csp): resources for script and styles directives (#13812) Co-authored-by: ascorbic <213306+ascorbic@users.noreply.github.com> * feat(csp): runtime APIs (#13824) Co-authored-by: Matt Kane <m@mk.gg> * feat(csp): add script-dynamic keyword support (#13834) * update lockfile * chore: docs and changeset (#13870) * chore: add changeset * grammar * Apply suggestions from code review Co-authored-by: Sarah Rainsberger <5098874+sarah11918@users.noreply.github.com> * Update JSDoc with examples to match docs * Sarah's changeset edits * Apply suggestions from code review Thanks, @ArmandPhilippot Co-authored-by: Armand Philippot <git@armand.philippot.eu> * Fix indentation * Update .changeset/crazy-doors-buy.md * Apply suggestions from code review Co-authored-by: Sarah Rainsberger <5098874+sarah11918@users.noreply.github.com> --------- Co-authored-by: Sarah Rainsberger <5098874+sarah11918@users.noreply.github.com> Co-authored-by: Matt Kane <m@mk.gg> Co-authored-by: Armand Philippot <git@armand.philippot.eu> * Update lockfile * dedupe deps * Lock * Lock * fix: server islands in mdx --------- Co-authored-by: florian-lefebvre <69633530+florian-lefebvre@users.noreply.github.com> Co-authored-by: ascorbic <213306+ascorbic@users.noreply.github.com> Co-authored-by: Florian Lefebvre <contact@florian-lefebvre.dev> Co-authored-by: Matt Kane <m@mk.gg> Co-authored-by: Sarah Rainsberger <5098874+sarah11918@users.noreply.github.com> Co-authored-by: Armand Philippot <git@armand.philippot.eu>
openscript
pushed a commit
to openscript/astro
that referenced
this pull request
Sep 12, 2025
* chore: build hashes of scripts (withastro#13590) * chore: build hashes of scripts * chore: fix changes * chore: fix changes * chore: fix changes * feat(csp): create hashes of tracked scripts and hashes (withastro#13675) Co-authored-by: florian-lefebvre <69633530+florian-lefebvre@users.noreply.github.com> * feat(csp): fix CSP header, inject astro island script/style (withastro#13687) * feat(csp): track client scripts and CSS (withastro#13725) Co-authored-by: ascorbic <213306+ascorbic@users.noreply.github.com> * feat(csp): support view transitions (withastro#13738) Co-authored-by: florian-lefebvre <69633530+florian-lefebvre@users.noreply.github.com> Co-authored-by: ascorbic <213306+ascorbic@users.noreply.github.com> fix CSP header, inject astro island script/style (withastro#13687) * feat(csp): server islands (withastro#13775) Co-authored-by: florian-lefebvre <69633530+florian-lefebvre@users.noreply.github.com> * feat(csp): customise algorithm (withastro#13803) Co-authored-by: Florian Lefebvre <contact@florian-lefebvre.dev> * chore: build hashes of scripts (withastro#13590) (withastro#13805) Co-authored-by: Florian Lefebvre <contact@florian-lefebvre.dev> * feat(csp): allow additional directives (withastro#13810) Co-authored-by: ascorbic <213306+ascorbic@users.noreply.github.com> Co-authored-by: florian-lefebvre <69633530+florian-lefebvre@users.noreply.github.com> * feat(csp): resources for script and styles directives (withastro#13812) Co-authored-by: ascorbic <213306+ascorbic@users.noreply.github.com> * feat(csp): runtime APIs (withastro#13824) Co-authored-by: Matt Kane <m@mk.gg> * feat(csp): add script-dynamic keyword support (withastro#13834) * update lockfile * chore: docs and changeset (withastro#13870) * chore: add changeset * grammar * Apply suggestions from code review Co-authored-by: Sarah Rainsberger <5098874+sarah11918@users.noreply.github.com> * Update JSDoc with examples to match docs * Sarah's changeset edits * Apply suggestions from code review Thanks, @ArmandPhilippot Co-authored-by: Armand Philippot <git@armand.philippot.eu> * Fix indentation * Update .changeset/crazy-doors-buy.md * Apply suggestions from code review Co-authored-by: Sarah Rainsberger <5098874+sarah11918@users.noreply.github.com> --------- Co-authored-by: Sarah Rainsberger <5098874+sarah11918@users.noreply.github.com> Co-authored-by: Matt Kane <m@mk.gg> Co-authored-by: Armand Philippot <git@armand.philippot.eu> * Update lockfile * dedupe deps * Lock * Lock * fix: server islands in mdx --------- Co-authored-by: florian-lefebvre <69633530+florian-lefebvre@users.noreply.github.com> Co-authored-by: ascorbic <213306+ascorbic@users.noreply.github.com> Co-authored-by: Florian Lefebvre <contact@florian-lefebvre.dev> Co-authored-by: Matt Kane <m@mk.gg> Co-authored-by: Sarah Rainsberger <5098874+sarah11918@users.noreply.github.com> Co-authored-by: Armand Philippot <git@armand.philippot.eu>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes
Depends on #13803
This PR adds support for
scriptHashesandstyleHashes: https://github.com/withastro/roadmap/blob/feat/rfc-csp/proposals/0055-csp.md?rgh-link-date=2025-05-14T11%3A19%3A53Z#configuration-apisThis PR adds a layer of validation of the inputs provided by the users. It checks if the hashes start with a certain string.
Testing
Added new tests
Docs