55 lines
1.5 KiB
Markdown
55 lines
1.5 KiB
Markdown
# get-nonce
|
|
|
|
just returns a **nonce** (number used once). No batteries included in those 46 bytes of this library.
|
|
|
|
---
|
|
|
|
- ✅ build in `webpack` support via `__webpack_nonce__`
|
|
|
|
# API
|
|
|
|
- `getNonce(): string|undefined` - returns the current `nonce`
|
|
- `setNonce(newValue)` - set's nonce value
|
|
|
|
## Why?
|
|
|
|
Why we need a library to access `__webpack_nonce__`? Abstractions!
|
|
|
|
"I", as a library author, don't want to "predict" the platform "you" going to use.
|
|
"I", as well, want an easier way to test and control `nonce` value.
|
|
|
|
Like - `nonce` is supported out of the box only by webpack, what you are going to do?
|
|
|
|
This is why this "man-in-the-middle" was created.
|
|
Yep, think about `left-pad` :)
|
|
|
|
## Webpack
|
|
|
|
> https://webpack.js.org/guides/csp/
|
|
|
|
To activate the feature set a **webpack_nonce** variable needs to be included in your entry script.
|
|
|
|
```
|
|
__webpack_nonce__ = uuid(); // for example
|
|
```
|
|
|
|
Without `webpack` `__webpack_nonce__` is actually just a global variable,
|
|
which makes it actually bundler independent,
|
|
however "other bundlers" are able to replicate it only setting it as a global variable
|
|
(as here in tests) which violates a "secure" nature of `nonce`.
|
|
|
|
`get-nonce` is not global.
|
|
|
|
## Used in
|
|
|
|
- `react-style-singleton` <- `react-remove-scroll` <- `react-focus-on`
|
|
|
|
## Inspiration
|
|
|
|
- [this issue](https://github.com/theKashey/react-remove-scroll/issues/21)
|
|
- [styled-components](https://github.com/styled-components/styled-components/blob/147b0e9a1f10786551b13fd27452fcd5c678d5e0/packages/styled-components/src/utils/nonce.js)
|
|
|
|
# Licence
|
|
|
|
MIT
|