mirror of
https://github.com/kjanat/livedash-node.git
synced 2026-01-16 09:52:09 +01:00
Kaj Kowalski
6d5d0fd7a4
- Fix Permissions-Policy header: change ambient-light-sensor to ambient-light - Add Google Fonts domain to font-src CSP for Leaflet map tiles - Allow unsafe-inline for style-src to support third-party libraries (Sonner, Leaflet) - Fix React hydration mismatch by conditionally adding nonce attribute - Add debug logging for nonce retrieval issues These changes resolve all CSP violations while maintaining security best practices.
41 lines
1.0 KiB
TypeScript
41 lines
1.0 KiB
TypeScript
import { headers } from "next/headers";
|
|
|
|
/**
|
|
* Get the CSP nonce from request headers (server-side only)
|
|
*/
|
|
export async function getNonce(): Promise<string | undefined> {
|
|
try {
|
|
const headersList = await headers();
|
|
const nonce = headersList.get("X-Nonce");
|
|
|
|
// Log for debugging hydration issues
|
|
if (!nonce && process.env.NODE_ENV === "development") {
|
|
console.warn(
|
|
"No nonce found in headers - this may cause hydration mismatches"
|
|
);
|
|
}
|
|
|
|
return nonce || undefined;
|
|
} catch (error) {
|
|
// Headers not available (e.g., in client-side code)
|
|
if (process.env.NODE_ENV === "development") {
|
|
console.warn("Failed to get headers for nonce:", error);
|
|
}
|
|
return undefined;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Create script props with nonce for CSP compliance
|
|
*/
|
|
export function createScriptProps(nonce?: string) {
|
|
return nonce ? { nonce } : {};
|
|
}
|
|
|
|
/**
|
|
* Create style props with nonce for CSP compliance
|
|
*/
|
|
export function createStyleProps(nonce?: string) {
|
|
return nonce ? { nonce } : {};
|
|
}
|