Replies: 2 comments
-
I'm aligned with @Yannik's viewpoint regarding CSP implementation in the package. I believe that either automatically removing nonces when Thanks |
Beta Was this translation helpful? Give feedback.
0 replies
-
Feel free to submit a PR 👍 |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I have a quiet complicated CSP, which is optimized for minimal permissions, but for some pages is more open due to third party library requirements (e.g. mapbox).
By default, hashes are set for inline styles, but sometimes, it it necessary to set
unsafe-inline
because the hashes cannot be precomputed.In this case, it would be very useful to either a) automatically or b) manually remove the hash/nonce directives, because otherwise
unsafe-inline
is ignored by the client browser per the CSP spec.@freekmurze What do you think about this?
Beta Was this translation helpful? Give feedback.
All reactions