Nonce protection on 404 and 500 pages #64023
Replies: 2 comments
-
|
@DannyJoris Did you manage to solve this and if so what was to solution you went for? |
Beta Was this translation helpful? Give feedback.
-
|
I found a workaround based on this comment The solution is to add a "dummy" // _app.tsx
// If getInitialProps is used in a custom _app.js, and the page being navigated to is using getServerSideProps, then getInitialProps will also run on the server.
// you don't have to get nonce in App, just return initialProps.
MyApp.getInitialProps = async (
ctx: NextAppContext
): Promise<AppInitialProps> => {
const initialProps = await NextApp.getInitialProps(ctx);
return initialProps;
};For some reason, that seemed to fix the issue. The way I tested was by adding a |
Beta Was this translation helpful? Give feedback.
-
Summary
Using Next 14 and the Pages Router, we're creating a nonce defined in the middleware as documented here: https://nextjs.org/docs/pages/building-your-application/configuring/content-security-policy#nonces
In
_document.tsxthe nonce is read from the headers insidegetInitialPropsand passed to the component as a prop, which is then added to theNextScriptcomponent as such:<NextScript nonce={nonce} />.Because 404 and 500 pages are rendered statically on build time,
getInitialPropsisn't called, and thus the nonce isn't added toNextScript, which causes none of the client-side JavaScript to load on error pages and errors being output to the console.So my questions are:
NextScripton 404 and 500 pages?NextScripton those pages only?Additional information
No response
Example
No response
Beta Was this translation helpful? Give feedback.
All reactions