Incompatibility with strict CSPs #449

Open
arnemolland opened this issue Jun 13, 2024 · 6 comments

arnemolland commented Jun 13, 2024

Describe the feature / bug 📝:

Sonner does not work with strict CSPs as there are inline styles.

Steps to reproduce the bug 🔁:

  1. Use any CSP with the style-src directive set to anything other than unsafe-inline.

I'm looking into some fixes, but in essence all styles have to be defined in stylesheets for other CSPs to work. If it's impractical to apply a fix, there's always the fork and modify path but having support baked in would be nice.

arnemolland changed the title from "Issues with strict CSP" to "Incompatibility with strict CSPs" on Jun 13, 2024

arnemolland commented Jun 13, 2024

Worth mentioning if someone else stumbles across this; I'm currently (manually) creating hashes of the computed inline styles and using unsafe-hashes to allow them. Without any modifications, these are the hashes needed to allow the inline styles from sonner:

  • 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=
  • qixoDh78J8vISHKC3rLI7qSXmTShr8mhsUgjJL7W7aU=
  • 3gJFr3n77fnX5qwQpGju/zCOsoHW5RMqQd5XOb9WFcA=

Which can be used with the style-src directive like this:

style-src 'unsafe-hashes' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-qixoDh78J8vISHKC3rLI7qSXmTShr8mhsUgjJL7W7aU=' 'sha256-3gJFr3n77fnX5qwQpGju/zCOsoHW5RMqQd5XOb9WFcA=';
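
The manual hashing step described in the comment above can be scripted. This is an added example, not code from the issue or from sonner: the function names, the `'self'` base source and the sample markup are assumptions, and the regex extraction is a simplification that suits the constructed sample only.

```javascript
const { createHash } = require('node:crypto');

// Hash source for one style attribute value: base64(SHA-256(UTF-8 bytes)).
// The browser hashes the exact attribute text, so any whitespace change breaks it.
function cspHash(styleValue) {
  const digest = createHash('sha256').update(styleValue, 'utf8').digest('base64');
  return `'sha256-${digest}'`;
}

// Minimal entity decoding so the hashed text matches the parsed attribute value.
function decodeEntities(text) {
  return text
    .replace(/&quot;/g, '"')
    .replace(/&#39;/g, "'")
    .replace(/&lt;/g, '<')
    .replace(/&gt;/g, '>')
    .replace(/&amp;/g, '&'); // last, so "&amp;quot;" is not decoded twice
}

// Collect the distinct style="..." values from rendered markup.
// Assumption: a regex is enough for this constructed sample; a real pipeline
// would read getAttribute('style') from a parsed DOM instead.
function collectInlineStyles(html) {
  const pattern = /\sstyle\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;
  const values = new Set();
  for (const match of html.matchAll(pattern)) {
    values.add(decodeEntities(match[1] ?? match[2]));
  }
  return [...values];
}

// Build the directive; 'unsafe-hashes' is added only when a hash is needed.
function buildStyleSrc(html, baseSources = ["'self'"]) {
  const hashes = collectInlineStyles(html).map(cspHash);
  const sources = hashes.length ? [...baseSources, "'unsafe-hashes'", ...hashes] : baseSources;
  return `style-src ${sources.join(' ')};`;
}

// Constructed sample markup (not sonner's real output).
const SAMPLE_HTML = `
<ol style="--gap: 14px; --width: 356px">
  <li style=""></li>
  <li style='--index: 0'></li>
  <li style="--gap: 14px; --width: 356px"></li>
</ol>`;

console.log(buildStyleSrc(SAMPLE_HTML));
```

An empty `style=""` attribute hashes to `47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=`, the SHA-256 of the empty string and the first value in the list above. Because each hash covers one exact attribute value, a style whose text varies at runtime needs a separate hash for every value it can take.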

@BaDo2001

+1

@louis-foucart

+1

@WoetDev

WoetDev commented Jul 30, 2024

+1

@AkshayCloudAnalogy

+1

@willrp

willrp commented Oct 28, 2024

+1
