csp nonce configuration doesn't seem to work
RickLucassen opened this issue · 1 comments
Noticed that when using the <ConfigProvider csp={{ nonce: "test" }} > configuration capabilities from Ant Design this isn't being applied properly by rc-util.
While debugging, I noticed that the configuration does reach the code (https://github.com/react-component/util/blob/master/src/Dom/dynamicCSS.ts#L64) but somehow doesn't add it when, for example, a stylesheet is injected for the datepicker component of Ant Design.
Seemingly changing the line in https://github.com/react-component/util/blob/master/src/Dom/dynamicCSS.ts#L64
from:
styleNode.nonce = csp?.nonce;
to
styleNode.setAttribute("nonce", csp.nonce);
does fix this.
Does anyone have any other idea as to why this doesn't work in the browser but seems to work within the test cases of this library?
A reproduction can be found here: https://codesandbox.io/s/antd-reproduction-template-forked-su9wdz
When you check the console you can see the stylesheet is injected without setting a nonce:
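Added example, not part of the original issue and not rc-util or Ant Design code: the HTML Standard keeps an element's `nonce` property and its `nonce` content attribute as separate things, so a check for a missing nonce on injected `<style>` elements should look at both. The helper names `injectStyle` and `auditStyleNonces` are hypothetical.

```javascript
// Hypothetical helpers for illustration; not taken from rc-util.

// Inject a <style> element and apply the nonce in both forms
// discussed in the issue: the property and the content attribute.
function injectStyle(doc, css, nonce) {
  const node = doc.createElement("style");
  if (nonce) {
    node.nonce = nonce;                // IDL property
    node.setAttribute("nonce", nonce); // content attribute, visible in markup
  }
  node.textContent = css;
  doc.head.appendChild(node);
  return node;
}

// For every <style> in the document, report where a nonce is present.
// "property-only" means the markup shows no nonce attribute even though
// the element object carries one; "missing" means neither is set.
function auditStyleNonces(doc) {
  return Array.from(doc.querySelectorAll("style")).map((el, index) => {
    const hasProp = typeof el.nonce === "string" && el.nonce !== "";
    const hasAttr = el.hasAttribute("nonce");
    let status = "missing";
    if (hasProp && hasAttr) status = "property+attribute";
    else if (hasProp) status = "property-only";
    else if (hasAttr) status = "attribute-only";
    return { index, status };
  });
}

// Convenience filter: indexes of <style> elements with no nonce at all.
function stylesWithoutNonce(doc) {
  return auditStyleNonces(doc)
    .filter((r) => r.status === "missing")
    .map((r) => r.index);
}
```

In a browser, run `auditStyleNonces(document)` from the console after the component has injected its stylesheet.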