You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The dangerousDisableAssetCspModification is great for us because we've found that injecting nonces for style sheets didn't play well with the UI library we were using (lit). But it would be even better if there was an option to disable nonces for style and script tags individually! In our case, we'd like to disable the feature for style tags (since it breaks our app) but keep it for script tags (which are the more dangerous attack surface anyway).
Describe the solution you'd like
In addition to boolean values, also allow "script" | "style". For example, the following would disable nonces for style sheets only:
I like this idea, but I have one note: This specific config api only works with these 3 possible values: boolean | "script" | "style" since each are mutually exclusive. This is not a problem right now, but we should thin about other resource types in the future? Do we see Tauri injecting nonces for images in the future? Videos? Wasm?
Describe the problem
The dangerousDisableAssetCspModification is great for us because we've found that injecting nonces for style sheets didn't play well with the UI library we were using (lit). But it would be even better if there was an option to disable nonces for
style
andscript
tags individually! In our case, we'd like to disable the feature for style tags (since it breaks our app) but keep it for script tags (which are the more dangerous attack surface anyway).Describe the solution you'd like
In addition to boolean values, also allow
"script" | "style"
. For example, the following would disable nonces for style sheets only:Alternatives considered
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: