[✨] nonce on styles #264
Replies: 7 comments
-
|
is the nonce also needed for CSR rendering? or only for SSR rendering? |
Beta Was this translation helpful? Give feedback.
-
|
This should make it easier to implement: |
Beta Was this translation helpful? Give feedback.
-
|
Thanks @manucorporat Let me have a look at it after my vacation next week. |
Beta Was this translation helpful? Give feedback.
-
|
is it still valid? |
Beta Was this translation helpful? Give feedback.
-
|
Still valid. Nobody is using prober CSP I guess. |
Beta Was this translation helpful? Give feedback.
-
|
We moved this issue to |
Beta Was this translation helpful? Give feedback.
-
|
@tzdesign how do you use prober csp? :) and also, is this fixed now? |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Is your feature request related to a problem?
No
Describe the solution you'd like
I know that unsafe-inline in in CSP for style tags is totally ok, but I wish to have the possibility to have the nonce there anyway.
The style-tags should render with nonce if the shared map has a value for @nonce set like:
I would do this myself, but
_appendHeadStyleis so basic without additional data than ID and style, that I have no idea how to get the global context here.Describe alternatives you've considered
unsafe-inline is ok, also suggested by google.
If you do online-banking software or similar high security apps, It would be good to have all tags secured by nonce.
Additional context
No response
Beta Was this translation helpful? Give feedback.
All reactions