From 975077a883504663f14530749d49bb89098b8d79 Mon Sep 17 00:00:00 2001
From: Jens Reimann
Date: Tue, 21 Jan 2025 09:40:31 +0100
Subject: [PATCH] fix: disable nonce creation by default As the nonce should be unique per request, it doesn't make sense to enable this by default, as that requires additional work on the serving side. On the other side, having a (static) random value isn't correct either. So we keep the current logic, but disable nonce generation by default, making it opt-in. Closes #941
---
 schemas/config.json | 4 ++--
 src/config/models/build.rs | 8 ++------
 2 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/schemas/config.json b/schemas/config.json
index b002e5d9..41bc1737 100644
--- a/schemas/config.json
+++ b/schemas/config.json
@@ -10,7 +10,7 @@
 "all_features": false,
 "allow_self_closing_script": false,
 "cargo_profile": null,
- "create_nonce": true,
+ "create_nonce": false,
 "dist": "dist",
 "filehash": true,
 "frozen": false,
@@ -120,7 +120,7 @@
 },
 "create_nonce": {
 "description": "Create 'nonce' attributes with a placeholder.",
- "default": true,
+ "default": false,
 "type": "boolean"
 },
 "dist": {
diff --git a/src/config/models/build.rs b/src/config/models/build.rs
index e508d8fe..1cb078aa 100644
--- a/src/config/models/build.rs
+++ b/src/config/models/build.rs
@@ -153,7 +153,7 @@ pub struct Build {
 pub allow_self_closing_script: bool,
 /// Create 'nonce' attributes with a placeholder.
- #[serde(default = "default::create_nonce")]
+ #[serde(default)]
 pub create_nonce: bool,
 /// The placeholder which is used in the 'nonce' attribute.
@@ -230,7 +230,7 @@ impl Default for Build {
 minify: Default::default(),
 no_sri: false,
 allow_self_closing_script: false,
- create_nonce: true,
+ create_nonce: false,
 nonce_placeholder: default::nonce_placeholder(),
 }
 }
@@ -256,10 +256,6 @@ mod default {
 true
 }
- pub const fn create_nonce() -> bool {
- true
- }
-
 pub fn nonce_placeholder() -> String {
 "{{__TRUNK NONCE__}}".to_string()
 }
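Review bot: The doc comment on `create_nonce` in the `pub struct Build` hunk of `src/config/models/build.rs` still reads only "Create 'nonce' attributes with a placeholder." and says neither that the option is now opt-in nor what the serving side must do for the nonce to be meaningful. I would expand it to something like `/// Create 'nonce' attributes with a placeholder (default: false). The server must replace the placeholder with a fresh, unpredictable value on every response; a static nonce gives no CSP protection.` The `description` in `schemas/config.json` carries the same wording and presumably should follow. Because `#[serde(default)]` now yields `false`, configurations that relied on the old implicit `true` will silently stop emitting nonce attributes after an upgrade, and a deployment enforcing a nonce-based CSP would then see its scripts blocked, so this deserves an explicit upgrade note. The struct body starts and ends outside the hunk.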