Comments (7)
Experienced this issue again, back on 14.1.3. force-dynamic is activated and no other CSP-Errors occur.
Here are some screenshots from the developer tools showing the error and file:
from next.js.
Can confirm. 14.0.4 still works fine for me.
from next.js.
@moloch--
I am not quite sure, since I have not used CSP in my hobby or in work coding, but document says you must use dynamic rendering to add nonces.
, and I think app-router is default to cache.
So I think you have to add
export const dynamic = "force-dynamic"
or something to prevent next.js from cacheing in page.tsx
in your reproduction codes.
In my case, adding above code fix console.log to warn.
from next.js.
Doesn't seem like I should have to force dynamic rendering for every page just to use CSP, so still seems like a bug?
@AlexBueckig would you be able to link to a working example?
from next.js.
Adding force-dynamic solved the problem for me. I totally makes sense, now that I'm thinking about it. A new nonce gets created for every request by your middleware function. If you cache a rendered page the nonces in this page are a value from a previous request. But since you create a new csp header for every request, there is a mismatch with these nonces and csp breaks.
For now this seems to be the only option if you want to use nonces.
I don't know your project, but if you aren't using external scripts e.g. tracking or whatever you can just set static csp headers without the need for strict-dynamic and nonces. These versions should be cacheable since they are not dependant on a random generated value.
from next.js.
btw, adding export const dynamic = "force-dynamic"
doesn't seem to have any affect for me :-/
from next.js.
Okay for anyone else that sees this, I figured it out. I had "use client"
in my layout.tsx
which means the nonces are never inserted even if you use force-dynamic
from next.js.
Related Issues (20)
- Build very slow: 30+ minutes with Vercel and 10+ minutes with Laptop HOT 11
- pdfjs-dist fails to compile with Turbopack (webpackIgnore comment not respected) HOT 1
- Parallel routes breaks completely after being redirected from a server action function HOT 6
- Cannot build with URL.canParse function HOT 18
- Can't build project - TypeError: Cannot read properties of null (reading 'useContext') HOT 7
- Dockerfile [4/4] Step 6/14 - /app/public no such file or directory HOT 3
- Cannot build in versions after [email protected] HOT 3
- Property overrideSrc of image component (next/image) does not override srcset property HOT 3
- Next Build fails with start <= end assertion failed HOT 4
- Unused dependencies in standalone build using storybook
- Warning: React does not recognize the `fetchPriority` prop on a DOM element. HOT 1
- Error occurred prerendering page "/_not-found" with pageExtensions option HOT 8
- `next/og` cause memory leak in production standalone build HOT 20
- Multiple loading.tsx files causes extra transition when revalidating with server actions on 14.2.x+
- No official way to enable turbopack with custom server
- CSS order incorrect with the combination of server and client components HOT 3
- next.js typescript plugin autocomplete not working for `viewport`
- [Parallel and Intercepted Dynamic Routes] Will intercept normal routing HOT 2
- output export ssg generation for dynamic even with generateStaticParams id value is comming as %5Bslug%5D so page is not generated in build HOT 1
- Docs: Some Tags in "Layouts and Templates" page are not showing properly in the Firefox browser HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from next.js.