Merge pull request #154 from ziadoz/skip-vite-hot

sebastiandedeyne · web-flow · commit b670fad7e18e · 2025-04-04T09:31:45.000+02:00
Skip CSP middleware when Vite is hot reloading
diff --git a/src/AddCspHeaders.php b/src/AddCspHeaders.php
@@ -4,6 +4,7 @@
 
 use Closure;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Vite;
 use Symfony\Component\HttpFoundation\Response;
 
 class AddCspHeaders
@@ -19,8 +20,8 @@ public function handle(
             return $response;
         }
 
-        // Skip CSP middleware when Laravel is rendering an exception
-        if (config('app.debug') && $response->isServerError()) {
+        // Skip CSP middleware when Laravel is rendering an exception or Vite is hot reloading
+        if (config('app.debug') && ($response->isServerError() || Vite::isRunningHot())) {
             return $response;
         }
 
diff --git a/tests/AddCspHeadersTest.php b/tests/AddCspHeadersTest.php
@@ -1,7 +1,9 @@
 <?php
 
 use Illuminate\Contracts\Http\Kernel;
+use Illuminate\Foundation\Vite;
 use Illuminate\Support\Facades\Route;
+use Mockery\MockInterface;
 use function PHPUnit\Framework\assertEquals;
 use function PHPUnit\Framework\assertFalse;
 use function PHPUnit\Framework\assertNull;
@@ -331,6 +333,22 @@ public function configure(Policy $policy): void
     assertFalse($headers->has('content-security-policy'));
 });
 
+test('route middleware is skipped when vite is hot reloading', function (): void {
+    config(['app.debug' => true]);
+
+    $this->mock(Vite::class, function (MockInterface $mock): void {
+        $mock->shouldReceive('isRunningHot')->andReturn(true);
+    });
+
+    Route::get('other-route', function () {
+        return 'ok';
+    })->middleware(AddCspHeaders::class.':'.Basic::class);
+
+    $headers = getResponseHeaders('other-route');
+
+    assertFalse($headers->has('content-security-policy'));
+});
+
 it('will handle scheme values', function (): void {
     $policy = new class implements Preset {
         public function configure(Policy $policy): void

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@`
`4`	`4`
`5`	`5`	`use Closure;`
`6`	`6`	`use Illuminate\Http\Request;`
	`7`	`+use Illuminate\Support\Facades\Vite;`
`7`	`8`	`use Symfony\Component\HttpFoundation\Response;`
`8`	`9`
`9`	`10`	`class AddCspHeaders`
`@@ -19,8 +20,8 @@ public function handle(`
`19`	`20`	`return $response;`
`20`	`21`	`}`
`21`	`22`
`22`		`- // Skip CSP middleware when Laravel is rendering an exception`
`23`		`- if (config('app.debug') && $response->isServerError()) {`
	`23`	`+ // Skip CSP middleware when Laravel is rendering an exception or Vite is hot reloading`
	`24`	`+ if (config('app.debug') && ($response->isServerError() \|\| Vite::isRunningHot())) {`
`24`	`25`	`return $response;`
`25`	`26`	`}`
`26`	`27`