Make library compatible with CSP script-src (unsafe-inline)
abedimhosein opened this issue · 3 comments
abedimhosein commented
Because of this type of tag:
<script type="text/javascript"> // something </script>
inside the HTML files, some pages (like playground or play.html) on sites that have set CSP script-src 'self' in their response headers do not work at all!
Content-Security-Policy Header
I use the django-csp library to set the CSP header, and this library suggests using the CSP_NONCE tag to use inline JS inside an HTML file like this:
chrisclark commented
I proposed a fix here. Please take a look and leave any comments and I can merge and release as a patch.
abedimhosein commented
I looked into this, I think it's ok and it solves the problem, thanks.
chrisclark commented
Merged. Closing the issue. Thanks for finding it! The project is better for it.
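
The failure reported in this issue can be checked offline. The following is an added example, not code from the thread or from the project: it lists which inline script blocks in a page a given Content-Security-Policy value would refuse to run. The function names, the sample page and the nonce value r4nd0m are constructed for illustration; hash sources and script-src-elem are not evaluated.

```python
from html.parser import HTMLParser

# Constructed sample page: inline script without a nonce (line 2),
# inline script with a nonce (line 3), external script (line 4).
SAMPLE_HTML = """<html><body>
<script type="text/javascript"> // something </script>
<script nonce="r4nd0m"> // something </script>
<script src="/static/app.js"></script>
</body></html>"""


def script_src_sources(csp_header):
    """Source list of script-src (falling back to default-src), or None."""
    directives = {}
    for part in csp_header.split(";"):
        tokens = part.split()
        if tokens:
            # The first occurrence of a directive wins; later duplicates are ignored.
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives.get("script-src", directives.get("default-src"))


class _InlineScripts(HTMLParser):
    """Collect (line, nonce) for every <script> element without a src attribute."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and "src" not in attrs:
            self.found.append((self.getpos()[0], attrs.get("nonce")))


def blocked_inline_scripts(csp_header, html):
    """Line numbers of inline <script> blocks the policy would block."""
    sources = script_src_sources(csp_header)
    if sources is None:
        return []  # neither script-src nor default-src: inline scripts unrestricted
    lowered = [s.lower() for s in sources]
    nonces = {s[7:-1] for s in sources
              if s.lower().startswith("'nonce-") and s.endswith("'")}
    has_hash = any(s.startswith(("'sha256-", "'sha384-", "'sha512-")) for s in lowered)
    # 'unsafe-inline' is ignored once the policy carries a nonce or hash source.
    unsafe_inline = "'unsafe-inline'" in lowered and not nonces and not has_hash
    parser = _InlineScripts()
    parser.feed(html)
    return [line for line, nonce in parser.found
            if not unsafe_inline and nonce not in nonces]
```

Running blocked_inline_scripts over rendered templates with the policy a deployment actually sends shows which pages still carry inline scripts without a nonce.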