allow using strict CSP config
HeedjyCompany opened this issue · comments
Is your feature request related to a problem? Please describe.
using CSP "style-src 'self'" rule is not possible with the component.
using CSP "style-src 'unsafe-inline' is not an option for security.
Describe the solution you'd like
add a nonce attribute on the component that will be passed to the style tags created by the component
(so we can set the same nonce value in the style-src header)
Describe alternatives you've considered
using the hash nonce is not practical because it will change on every lib upgrade.
Additional context
@HeedjyCompany This makes sense as of now tsdx
automatically injects css I'll have do little more research for this, and look at how others have managed to solve this issue
anyway ideas welcome