New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Content Security Policy Compatibility #869
Comments
You need to update the Content-Security-Policy value to accommodate the |
It's definitely not ideal to force developers to use the |
One way is to not to import the css file inside your code and make it available as a separate file that can be imported within the developer code. something like |
It's got (almost) nothing to do with where the CSS file is (as long as the CSS resides on the same domain). Sweetalert injects inline CSS, which any CSP worth having will not allow unless there's a nonce/hash value. It's causing me no end of pain this morning; I may have to unwire it from my project, which is a shame, because I really like(d) it. |
Have there been any updates on this? I am having the same issue; just wondering what the best way to get around this is? |
The workaround is to add the hashes to your Something like
Not ideal but it is better than The ideal situation would be to extract the css into it's own file and host it on a CDN. That way we can white list the file. |
same here. |
I can get two inline style hashes from sweetalert.min.js in Chrome. When added to the CSP header, Chrome doesn't complain anymore. |
Can you please elaborate on how to do this "Extract CSS into a file"? |
The package has a js version without embedding. |
In my project I have given the following meta tag (as shown in the screenshot followed):
<meta http-equiv="Content-Security-Policy" content="default-src http:">
When I load the page I get the following errors in my console:
Anyone faced this issue before?
Also BTW the name of my js file is sweetalert.min.js but the file content contains the unminified js!
The text was updated successfully, but these errors were encountered: