Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: remove style-src directive checks #15

Merged
merged 1 commit into from
Jun 1, 2023
Merged

Conversation

jasonbarry
Copy link

@jasonbarry jasonbarry commented Jun 1, 2023

  • We were getting a lot of Refused to apply a stylesheet because its hash, its nonce, or 'unsafe-inline' does not appear in the style-src directive of the Content Security Policy. messages in console when deployed to netlify-react-ui. We're unclear why, but a cursory search turned up this StackOverflow post. This PR goes back to only setting the nonce on the script-src directive.
  • Adds in missing report-uri directive if a CSP is provided without one
  • Simplifies short-circuit condition based on request and response headers

@netlify
Copy link

netlify bot commented Jun 1, 2023

Deploy Preview for csp-nonce ready!

Name Link
🔨 Latest commit 43c7b38
🔍 Latest deploy log https://app.netlify.com/sites/csp-nonce/deploys/6478e8882ebce800083527e0
😎 Deploy Preview https://deploy-preview-15--csp-nonce.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site settings.

@jasonbarry jasonbarry merged commit 42a2109 into main Jun 1, 2023
@jasonbarry jasonbarry deleted the fix/remove-style-src branch June 1, 2023 18:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant