docs: Document the option render.csp.reportOnly (#2198)

Information taken from nuxt/nuxt#3559 by @manniL
nuxt · Mar 14, 2023 · 5cfa2d3 · 5cfa2d3
1 parent 4539fc4
commit 5cfa2d3
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/content/en/docs/5.configuration-glossary/23.configuration-render.md b/content/en/docs/5.configuration-glossary/23.configuration-render.md
@@ -216,6 +216,10 @@ These CSP settings are only effective when using Nuxt with `target: 'server'` to
 
 These settings are read by the Nuxt server directly from `nuxt.config.js`. This means changes to these settings take effect when the server is restarted. There is no need to rebuild the application to update the CSP settings.
 
+**Debug violations:**
+
+If `reportOnly` is set to `true` (default: `false`) the usual header `Content-Security-Policy` is set to `Content-Security-Policy-Report-Only`. This provides information about violations of the CSP and how to fix them.
+
 **HTML meta tag:**
 
 In order to add [`<meta http-equiv="Content-Security-Policy"/>`](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) to the `<head>` you need to set `csp.addMeta` to `true`. Please note that this feature is independent of the `csp.policies` configuration: