From f0453d820f8cf33349dbd90b8bef26c35d6fd9c9 Mon Sep 17 00:00:00 2001
From: Michael Brevard <yonshi29@gmail.com>
Date: Sat, 28 Dec 2024 19:33:16 +0200
Subject: [PATCH] fix(nonce): override user-defined nonce values with Nuxt
 Image

---
 src/runtime/nitro/plugins/40-cspSsrNonce.ts | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/runtime/nitro/plugins/40-cspSsrNonce.ts b/src/runtime/nitro/plugins/40-cspSsrNonce.ts
index 3d4bc120..d6081257 100644
--- a/src/runtime/nitro/plugins/40-cspSsrNonce.ts
+++ b/src/runtime/nitro/plugins/40-cspSsrNonce.ts
@@ -3,6 +3,7 @@ import { resolveSecurityRules } from '../context'
 import { generateRandomNonce } from '../../../utils/crypto'
 
 const LINK_RE = /<link([^>]*?>)/gi
+const NONCE_RE = /nonce="[^"]+"/i
 const SCRIPT_RE = /<script([^>]*?>)/gi
 const STYLE_RE = /<style([^>]*?>)/gi
 
@@ -58,6 +59,9 @@ export default defineNitroPlugin((nitroApp) => {
         }
         // Add nonce to all link tags
         element = element.replace(LINK_RE, (match, rest) => {
+          if (NONCE_RE.test(rest)) {
+            return match.replace(NONCE_RE, `nonce="${nonce}"`);
+          }
           return `<link nonce="${nonce}"` + rest
         })
         // Add nonce to all script tags