Skip to content

feat: optional nonce prop for NextSSRPlugin#1282

Open
CyanFlare wants to merge 3 commits into
pingdotgg:mainfrom
CyanFlare:main
Open

feat: optional nonce prop for NextSSRPlugin#1282
CyanFlare wants to merge 3 commits into
pingdotgg:mainfrom
CyanFlare:main

Conversation

@CyanFlare

@CyanFlare CyanFlare commented May 10, 2026

Copy link
Copy Markdown

This adds an optional nonce prop to NextSSRplugin which is added onto the script tag.

Summary by CodeRabbit

  • New Features
    • The server-side rendering plugin now accepts an optional nonce prop, applied to its injected script tag.
  • Bug Fixes
    • Prevents the plugin’s injected script from being inserted multiple times during SSR.
  • Chores
    • Published a patch release for the above updates.

@changeset-bot

changeset-bot Bot commented May 10, 2026

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: 80c90dd

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages
Name Type
@uploadthing/react Patch
@uploadthing/expo Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@vercel

vercel Bot commented May 10, 2026

Copy link
Copy Markdown

@CyanFlare is attempting to deploy a commit to the Ping Labs Team on Vercel.

A member of the Team first needs to authorize it.

@coderabbitai

coderabbitai Bot commented May 10, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: c9af1b24-0aec-4f0b-b527-941d4f9f2073

📥 Commits

Reviewing files that changed from the base of the PR and between 602f2d8 and 80c90dd.

📒 Files selected for processing (2)
  • .changeset/gorgeous-birds-reflect.md
  • packages/react/src/next-ssr-plugin.tsx
✅ Files skipped from review due to trivial changes (1)
  • .changeset/gorgeous-birds-reflect.md
🚧 Files skipped from review as they are similar to previous changes (1)
  • packages/react/src/next-ssr-plugin.tsx

Walkthrough

Adds optional CSP nonce support to NextSSRPlugin, and prevents the server-inserted script from being emitted more than once.

Changes

NextSSRPlugin Nonce Support

Layer / File(s) Summary
Props and insertion guard
packages/react/src/next-ssr-plugin.tsx
NextSSRPlugin adds nonce?: string, imports useRef, tracks insertion with isInserted, and returns early on repeat server insertions while keeping the existing globalThis.__UPLOADTHING payload.
Changeset entries
.changeset/lazy-lions-reply.md, .changeset/gorgeous-birds-reflect.md
Patch release notes are added for @uploadthing/react describing the optional nonce prop and the duplicate script insertion fix.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly and concisely describes the main change: adding an optional nonce prop to NextSSRPlugin.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@greptile-apps

greptile-apps Bot commented May 10, 2026

Copy link
Copy Markdown

Confidence Score: 5/5

Safe to merge — the change is a one-line prop addition with no logic changes.

The only modified file receives a new optional prop and forwards it verbatim to an existing <script> element. All surrounding serialization and rendering logic is untouched. Passing undefined to React's nonce attribute correctly omits it from the DOM, so there is no regression for callers who do not pass the prop.

No files require special attention.

Important Files Changed

Filename Overview
packages/react/src/next-ssr-plugin.tsx Adds optional nonce?: string prop to NextSSRPlugin and threads it through to the inline <script> tag for CSP compliance.

Reviews (1): Last reviewed commit: "feat: optional `nonce` prop for `NextSSR..." | Re-trigger Greptile

@markflorkowski markflorkowski added the release canary Trigger a canary release to npm label May 12, 2026
markflorkowski and others added 2 commits May 12, 2026 14:45
@markflorkowski markflorkowski added release canary Trigger a canary release to npm and removed release canary Trigger a canary release to npm labels Jun 26, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

release canary Trigger a canary release to npm @uploadthing/react

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants