Skip to content

[CSP (Content Security Policy)]: Ensure components, tests, and storybook are able to demonstrate usage with a CSP #10763

New issue
New issue
Open
Open
[CSP (Content Security Policy)]: Ensure components, tests, and storybook are able to demonstrate usage with a CSP#10763

Description

@andy-blum

andy-blum
openedon Jul 28, 2023

The problem

JIRA Ticket: https://jsw.ibm.com/browse/ADCMS-2780

As initially raised in #9599 and #9675, the Cloud Console team wants to enable a strict content security policy. We made several attempts, but none were fully browser-compliant as our dependencies didn't support what we needed to do.

With the carbon updates below, this should be possible in version 2.0.0
#6361
#10378

Usage by Lit

https://lit.dev/docs/api/ReactiveElement/#ReactiveElement.styles

To provide a nonce to use on generated <style> elements, set window.litNonce to a server-generated nonce in your page's HTML, before loading application code:

<script>
  // Generated and unique per request:
  window.litNonce = 'a1b2c3d4';
</script>

Usage by Storybook

At this time I'm unable to find documentation on how to do this, but the issues below may be helpful:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

Labels

Feature requestA new adopter requested featureadopter: AEMused when component or pattern will be used by this adopteradopter: Innovation Teamused when component or pattern will be used by this adopterowner: Innovation Teamused when the engineering work will be done by Hybrid Cloud with DDS engineers as consultantspackage: web componentsWork necessary for the IBM.com Library web components package

Type

No type

Projects

Carbon for IBM.com

  • Status

    Triage

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions