buefy / nuxt-buefy

Nuxt Buefy
MIT License

Content Security Policy #97

Open stieben opened 3 years ago

stieben commented 3 years ago

Content-Security-Policy is the name of an HTTP response header that modern browsers use to enhance the security of the document (or web page). The Content-Security-Policy header allows you to restrict how resources such as JavaScript, CSS, or pretty much anything else are loaded by the browser.

If I am not mistaken, the only way to make the CSS output of nuxt-buefy currently work with a CSP setup would be through the 'unsafe-inline' setting. I see two ways to enhance security here:

  1. Transfer the CSS output to a separate file.
  2. Add the hash of the inline style to the HTTP response header.

Regarding 2, I'm a bit clueless if that would be done in nuxt-buefy or via Webpack or in Nuxt itself somehow.

Does any of that make sense?
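As an added example (not code from nuxt-buefy or from the issue author), option 2 can be worked through like this: extract the inline `<style>` blocks from the rendered page, hash each one the way CSP expects, and emit a `style-src` directive that lists those hashes instead of `'unsafe-inline'`. The sample HTML is constructed, not real Buefy output, and the function names are assumptions.

```python
import base64
import hashlib
import re

# Constructed sample of the kind of document Nuxt renders, with the
# framework CSS injected as inline <style> blocks (not real Buefy output).
SAMPLE_HTML = """<!doctype html>
<html><head>
<style>.button{background:#fff;border-color:#dbdbdb}</style>
<style data-vue-ssr-id="abc">.is-primary{color:#7957d5}</style>
</head><body><div id="__nuxt"></div></body></html>
"""

_STYLE_RE = re.compile(r"<style\b[^>]*>(.*?)</style>", re.DOTALL | re.IGNORECASE)


def inline_styles(html: str) -> list:
    """Return the text of every inline <style> block exactly as served.
    CSP hashes the bytes between the tags byte-for-byte (whitespace included),
    so nothing may be stripped or reformatted before hashing."""
    return _STYLE_RE.findall(html)


def csp_hash(source: str, algo: str = "sha256") -> str:
    """Return the CSP hash-source for one inline block: 'sha256-<base64>'."""
    digest = hashlib.new(algo, source.encode("utf-8")).digest()
    return f"'{algo}-{base64.b64encode(digest).decode('ascii')}'"


def style_src_directive(html: str) -> str:
    """Build a style-src directive allowing 'self' plus only the inline
    blocks actually present in the page, with no 'unsafe-inline'."""
    hashes = sorted({csp_hash(s) for s in inline_styles(html)})
    return "style-src 'self' " + " ".join(hashes)


def block_allowed(policy: str, style_text: str) -> bool:
    """Check whether a policy's style-src permits a given inline block.
    'unsafe-inline' only counts when no hash or nonce source is listed;
    once any hash/nonce is present, browsers ignore 'unsafe-inline'."""
    m = re.search(r"style-src\s+([^;]+)", policy)
    if not m:
        return False
    sources = m.group(1).split()
    has_hash_or_nonce = any(s.startswith(("'sha", "'nonce-")) for s in sources)
    if "'unsafe-inline'" in sources and not has_hash_or_nonce:
        return True
    return csp_hash(style_text) in sources


if __name__ == "__main__":
    print("Content-Security-Policy: default-src 'self'; " + style_src_directive(SAMPLE_HTML))
```

Because the hash covers the exact bytes served, the header has to be regenerated whenever the bundled CSS changes, which is why the issue asks where in the build (nuxt-buefy, Webpack or Nuxt) this should live.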

wesdevpro commented 11 months ago

@stieben @kikuomax Not to me. This flew right over my head 😂 But with some digging and help I'm sure I could make sense of this issue. Security is Key. I will be investigating this further. Feel free to reach out to me on the Buefy official discord. Thanks!