Hello,
I have an client issue with new nuxt-seo version 5.0.
https://github.com/harlan-zw/nuxt-seo/
Content-Security-Policy: The page’s settings blocked an inline script (script-src-elem) from being executed because it violates the following directive: “script-src 'self' 'strict-dynamic' 'sha256-ONGmpDWyHYsY3xtj7bHZd+FecK+RbhPN9WDxzTfbRiM=' 'sha256-aO/UyyadceStlstX4piGuLjtRWSu/G7XmmNqJCmbl/8=' 'sha256-45sZv05uwmFdewaAS53saeFyoijT+M2zuwek9asIo/0=' 'sha384-UrS4nC5oMbaktM6vDr57gl5MrqI+1RSPsOLa35iuq12brD/9dRQqdyxcQ9zT7xNj' 'sha384-7lQpU/p0WQUmxZViN4m6v+Bjfrex2NmpULs3qBP8rQN/4cfhNsLjp6TZgQ1YU2h5' 'sha384-nVRKD7S0FoQi/Pm0FQYTpvptOImx/MpAJM3SH4RhjSQclc+Ndq6qp1CpbQwjUTzo' 'sha384-Axg9nYCU5T7QMatdphYsRW1onHfL648Bg/e9kCGJgeg7NZW9WPVSaql+MZFtrsrA' 'sha256-7QIjPOpXT97VD5NmIGqI7WTiAFunWN1i1ifDHVp5i+g='”. Consider using a hash ('sha256-ttsmLGj+N+gpv9yG4IQNFrWKKu5V9rYaWv9tsHam27Y=') or a nonce.
Content-Security-Policy: Ignoring “'self'” within script-src: ‘strict-dynamic’ specified
security: {
headers: {
contentSecurityPolicy: {
"connect-src": ["*"],
"img-src": ["data:", "'self'"],
"script-src": ["'self'", "'strict-dynamic'", "'nonce-{{nonce}}'"],
"style-src-attr": ["'unsafe-inline'"],
},
},
strict: true,
},
Was working good with nuxt-seo before 5.0.0
I'm not sure if it's an nuxt-security issue or nuxt-seo issue?
thanks!
Hello,
I have an client issue with new nuxt-seo version 5.0.
https://github.com/harlan-zw/nuxt-seo/
Was working good with nuxt-seo before 5.0.0
I'm not sure if it's an nuxt-security issue or nuxt-seo issue?
thanks!