This is a bugfix release for an incident in production on 2023.11.08. When navigating between pages on the single page app, the content is un-styled due to CSP rejecting the inline styles. This release fixes the issue. It was deployed on November 15, 2023 with SVCSE-1604.
nextupdated to 14.0.2 (still reformats the map comment when injecting CSS)nodeupdated to 18.18.2npmupdated to 9.8.1Djangoremains at 4.2.7- CSP rules for style sheets have several changes:
- Rules are now sha256 hashes, because Chrome prints the sha256 hash for rejected inline content.
- A rule is added when the map comment ends in
...css.map*/(when served as file) and...css.map */(when injected as inline content). - A rule is added for the empty string, since
nextinjects empty<style>elements before adding content.
- MPP-3583 is fixed
What's Changed
- Downgrade to Django 3.2.22 by @jwhitlock in #4114
- Downgrade next from 14.0.1 to 14.0.0 by @jwhitlock in #4115
- Add up to two hashes per CSS by @jwhitlock in #4116
- Downgrade to next 14.0.0 (for real) by @jwhitlock in #4117
- Add hashes for content with comment space by @jwhitlock in #4118
- Further production fixex - empty hash, upgrade Django by @jwhitlock in #4119
- Further prod fixes - Update next, node, and fix MPP-3583 by @jwhitlock in #4120
Full Changelog: 2023.11.08...2023.11.08.8