Ability to pass nonce as a prop to the underlying script.

Question

Ability to pass nonce as a prop to the underlying script.

Closed this issue 8 months ago · 1 comments

Discussed in #28

^{Originally posted by Ekthelion January 30, 2024}
If the app is using nonce in CSP agains the XSS attacks, script is being ignored/removed and a CSP error is being thrown.
To solve this, the script with the clientThemeCode schould include the nonce attribute passed down from the root.tsx.
//root.tsx

<PreventFlashOnWrongTheme nonce={nonce} ssrTheme={Boolean(ssrTheme)} />

//theme-provider

function PreventFlashOnWrongTheme({ ssrTheme, nonce }) {
    const [theme] = useTheme();
    return ((0, jsx_runtime_1.jsxs)(jsx_runtime_1.Fragment, { children: [(0, jsx_runtime_1.jsx)("meta", { name: "color-scheme", content: theme === 'light' ? 'light dark' : 'dark light' }), ssrTheme ? null : ((0, jsx_runtime_1.jsx)("script", { 
                ...
                nonce: nonce,
                dangerouslySetInnerHTML: { __html: clientThemeCode } }))] }));
}
```</div>

Answer 1 · 2024-02-02T13:35:55.000Z

🎉 This issue has been resolved in version 1.3.1 🎉

The release is available on:

Your semantic-release bot 📦🚀