fix(NuxtImg): add image onerror handler in internal script to avoid s…

[bobeatspie]

…cript-src-attr CSP violation

🔗 Linked issue

Resolves #1011

❓ Type of change

• 📖 Documentation (updates to the documentation or readme)
• 🐞 Bug fix (a non-breaking change that fixes an issue)
• [x ] 👌 Enhancement (improving an existing functionality)
• ✨ New feature (a non-breaking change that adds functionality)
• 🧹 Chore (updates to the build process or auxiliary tools and libraries)
• ⚠️ Breaking change (fix or feature that would cause existing functionality to change)

📚 Description

The CSP header "script-src-attr" prevents inline javascript from executing when the header's value is set to 'none'. By adding the error event handler in the onMounted hook, it becomes easier for Nuxt Security to add a hash to the script and allow the error handler to execute.

[vercel]

@bobeatspie is attempting to deploy a commit to the NuxtLabs Team on Vercel.

A member of the Team first needs to authorize it.

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/@nuxt/image@1884

commit: 9758c40

[danielroe]

the purpose of the inline js is to capture errors that occur before vue has hydrated the page

we might also be able to add a script in <head> that adds an event listener for image load events....

I've marked as draft for my own triage - feel free to unmark whenever it's ready for review.