typed.js cursor animation issue using strict Content Security Policy for style-src

Question

typed.js cursor animation issue using strict Content Security Policy for style-src

mik-kul opened this issue 2 years ago · 6 comments

Description

Greetings!

Unless my web server is configured with a CSP using style-src 'unsafe-inline', the cursor does not blink.
Apologies if this is not an actual issue pertaining to typed.js, but i'm looking for a workaround. Any suggestions?
I think this has to do with the style attribute that is changed/appended by type.js
Is there a way to add a nonce in typed.js file or elsewhere somehow or any other obvious workaround I am missing?

Many thanks and regards!

Steps to Reproduce

Update web server header configuration and set CSP style-src 'self'; (remove 'unsafe-inline')
Restart web server.

Expected behavior:
Typed cursor should blink.

Actual behavior:

Typed cursor does not blink (static).
CSP errors when running test on Google Lighthouse or Domsignal
Mozilla Observatory reports CSP as severe security issue.

Reproduces how often:
100%