Blame view

天文台pc/tianwentai-ui/node_modules/get-nonce/README.md 1.52 KB
bc518174   王天杨   提交两个项目文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
  # get-nonce
  
  just returns a **nonce** (number used once). No batteries included in those 46 bytes of this library.
  
  ---
  
  - ✅ build in `webpack` support via `__webpack_nonce__`
  
  # API
  
  - `getNonce(): string|undefined` - returns the current `nonce`
  - `setNonce(newValue)` - set's nonce value
  
  ## Why?
  
  Why we need a library to access `__webpack_nonce__`? Abstractions!
  
  "I", as a library author, don't want to "predict" the platform "you" going to use.
  "I", as well, want an easier way to test and control `nonce` value.
  
  Like - `nonce` is supported out of the box only by webpack, what you are going to do?
  
  This is why this "man-in-the-middle" was created.
  Yep, think about `left-pad` :)
  
  ## Webpack
  
  > https://webpack.js.org/guides/csp/
  
  To activate the feature set a **webpack_nonce** variable needs to be included in your entry script.
  
  ```
  __webpack_nonce__ = uuid(); // for example
  ```
  
  Without `webpack` `__webpack_nonce__` is actually just a global variable,
  which makes it actually bundler independent,
  however "other bundlers" are able to replicate it only setting it as a global variable
  (as here in tests) which violates a "secure" nature of `nonce`.
  
  `get-nonce` is not global.
  
  ## Used in
  
  - `react-style-singleton` <- `react-remove-scroll` <- `react-focus-on`
  
  ## Inspiration
  
  - [this issue](https://github.com/theKashey/react-remove-scroll/issues/21)
  - [styled-components](https://github.com/styled-components/styled-components/blob/147b0e9a1f10786551b13fd27452fcd5c678d5e0/packages/styled-components/src/utils/nonce.js)
  
  # Licence
  
  MIT