Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Chakra-UI requires 'unsafe-inline' in CSP for scripts, styles #172

Closed
humphd opened this issue Feb 10, 2023 · 0 comments · Fixed by #223
Closed

Chakra-UI requires 'unsafe-inline' in CSP for scripts, styles #172

humphd opened this issue Feb 10, 2023 · 0 comments · Fixed by #223
Labels
area: web Web development related things [front end/back end]

Comments

@humphd
Copy link
Contributor

humphd commented Feb 10, 2023

@Ririio ran into an issue today with bits of Chakra-UI refusing to work due to the requirement for unsafe-inline CSP. I thought we only needed this in development, but it looks like we're going to need a solution for production, too.

I added code to deal with this in dev, but production is going to break too, see https:/Seneca-CDOT/starchart/blob/main/server.ts#L14-L28

It looks like Emotion supports passing a nonce prop in the cache, see https://emotion.sh/docs/@emotion/cache#nonce and chakra-ui/chakra-ui#3294 (comment).

See also some other issues/PRs related to similar CSP issues in Chakra-UI.

We're going to need a solution before we can runt his in production.
@sirinoks sirinoks added the area: web Web development related things [front end/back end] label Feb 13, 2023
@humphd humphd mentioned this issue Feb 15, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area: web Web development related things [front end/back end]
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Specify a nonce for all scripts humphd/starchart
2 participants
@humphd @sirinoks