This repository was archived by the owner on Nov 25, 2022. It is now read-only.
This repository was archived by the owner on Nov 25, 2022. It is now read-only.
Support stricter Content Security Policies #223
Description
Your script is adding its own inline styles and scripts to the DOM, which can fail to be executed if a struct CSP is defined for the page. Could publish the sha-256-... value for your scripts and styles so that we don't have to fall back to the 'allow everything' setting or find our own hacks to get that content into the page. You could also provide a mechanism by which we deliver the nonce value to your yet-to-be-added scripts, insecure as that may be.
You could also let us build your styles into our bundling pipelines.