Add support for __webpack_nonce__ to inline styles CSP

### Bug Report or Feature Request (mark with an `x`)
```
- [ ] bug report -> please search issues before submitting
- [x] feature request
```

### Command (mark with an `x`)
```
- [ ] new
- [x] build
- [ ] serve
- [ ] test
- [ ] e2e
- [ ] generate
- [ ] add
- [ ] update
- [ ] lint
- [ ] xi18n
- [ ] run
- [ ] config
- [ ] help
- [ ] version
- [ ] doc
```

### Versions
node: 10.8.0
npm: 6.3.0
ng: 6.2.3
os: Windows 10

### Desired functionality
I would like the ability to define a nonce generated on the server that angular will add to the inline styles so that I can comply with business requirements not to use 'unsafe-inline' in CSP.

### Mention any other details that might be useful
https://webpack.js.org/guides/csp/
https://github.com/webpack-contrib/style-loader/pull/319

Adding __webpack_nonce__ to the entry file did work for injected script tags but not the injected style tags used for the component css.

This is more of a support question but worth considering when documenting. To use this feature properly we should cryptographically generate the nonce on the server when serving the angular app to the client and use in entry file. Not sure the intended webpack way to do this but tried this suggestion without success https://github.com/styled-components/styled-components/issues/887#issuecomment-376858712 .

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add support for __webpack_nonce__ to inline styles CSP #12378

mcm-ham
openedon Sep 27, 2018

Bug Report or Feature Request (mark with an `x`)

Command (mark with an `x`)

Versions

Desired functionality

Mention any other details that might be useful

Assignees

Labels

Type

Projects

Milestone

Relationships

Development