Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for CSP nonce #384

Closed
asual opened this issue Aug 9, 2024 · 10 comments · Fixed by #386
Closed

Add support for CSP nonce #384

asual opened this issue Aug 9, 2024 · 10 comments · Fixed by #386

Comments

@asual
Copy link

asual commented Aug 9, 2024

Can you please consider adding support for a nonce attribute to the style element that this library injects in the DOM. The custom cursor logic currently doesn't work when CSP is configured to expect a specific nonce.

References:
https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/nonce
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src
@bvaughn
Copy link
Owner

bvaughn commented Aug 9, 2024

Want to post a PR that adds a nonce prop and passes it through to the style in an effect?

@bvaughn
Copy link
Owner

bvaughn commented Aug 13, 2024
edited
Loading

Can you please consider adding support for a nonce attribute to the style element that this library injects in the DOM. The custom cursor logic currently doesn't work when CSP is configured to expect a specific nonce.

Re-visiting this issue today and wanted to ask for clarification. This library does not inject a "style element" into the DOM. (No HTMLStyleElements are used.) It uses inline styles only.

@asual
Copy link
Author

asual commented Aug 14, 2024

I didn't investigate much but I thought that the issue is caused by the setGlobalCursorStyle function.

@bvaughn
Copy link
Owner

bvaughn commented Aug 14, 2024

Ah, I believe you're right. It's been a while since I wrote that code and I had overlooked it because I was thinking about the panels/views themselves.

@asual
Copy link
Author

asual commented Aug 14, 2024

The simplest fix for my specific case would be the addition of the following just before the linked setGlobalCursorStyle line but it will be a very bundler-specific solution:
styleElement.setAttribute("nonce", __webpack_nonce__);

I guess we either need a new PanelGroup prop or some other workaround.

@bvaughn
Copy link
Owner

bvaughn commented Aug 14, 2024

I can't add anything like that to this project :) Would need to think of a way for people to configure (opt in to) this functionality.

@bvaughn bvaughn closed this as completed Aug 14, 2024
@bvaughn bvaughn reopened this Aug 14, 2024
@bvaughn
Copy link
Owner

bvaughn commented Aug 14, 2024

I didn't intend to close this issue when leaving my previous comment. (Sorry!)

@bvaughn
Copy link
Owner

bvaughn commented Aug 14, 2024

Check out #386. Would this suffice for your use-case?

To use it, you'd need to do something like this:

import { setNonce } from "react-resizable-panels";

setNonce("whatever");

@bvaughn bvaughn mentioned this issue Aug 14, 2024
Merged
@asual
Copy link
Author

asual commented Aug 15, 2024

I can confirm that the change fixes my use-case. Thanks!

@bvaughn
Copy link
Owner

bvaughn commented Aug 15, 2024

Published in version 2.1.0

❤️ → ☕ givebrian.coffee

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@bvaughn @asual