CSP error when using next/image #45184
Comments
|
I have the same issue. I haven't applied any inline styles, but as ennair says next seem to add style="color:transparent" which triggers an error. |
|
Same problems here, does the |
|
Is there an update on this? I'm running into the same thing |
|
Still getting |
|
This is quite annoying when trying to enforce strict CSP. A workaround is to add |
|
@MathiasGruber I just tried your Are you sure your workaround works, what can I be doing wrong if so? |
This comment has been minimized.
This comment has been minimized.
|
I also am experiencing this error. If we follow the CSP docs as laid out, you encounter errors in the console in prod mode when using the next image component since there is an inline style applied. |
|
This is still an issue. Though there's a workaround in Next 14.1.0, with I wonder if there are grounds to have an API to tell Next.js to apply CSS classes instead? In a sort of, I know what I am doing, we'd tell Next.js that, these styles are found in a global CSS class, and it would have to trust that they do exist. |
|
I found a way to use my custom style with |
|
Now in 14.1.x, you can use |
|
Yeah, I started to make a reusable component at start, but at the end I preferred having the little style override. For record: // Image.tsx
import NextImage, { getImageProps } from 'next/image';
import { ComponentProps } from 'react';
export default function Image(props: ComponentProps<typeof NextImage>) {
const { props: nextProps } = getImageProps({
...props,
});
const { style: _omit, ...delegated } = nextProps;
return <img {...delegated} />;
}Then use EDIT: my workaround mentioned above is more about using a custom style despite having the |
|
Thank you for sharing this @sneko - this worked great for me and got me around the CSP issues I was facing! I like this reusable component approach and how it doesn't trigger the CSP error: Really appreciate you making this and sharing it! |
|
I'm facing the same issue, where the discussions about removing
I've (quickly) tested this today (on 14.2.1) and there doesn't seem to be any visual regression as far as I can see. Obviously @icyJoseph's solution will omit the style tag, and in #61388 (comment) @sneko's solution seems viable, but do we know if @leerob's claim that they are really necessary is valid? Why are the inline styles added in the first place? If they are needed, what breaks if they are not? |
|
style="color: transparent" is very bad for Svg with fill="currentColor"! |
|
Help us @leerob!!! .. can you explain why |
Some browsers show the alt text, while the image is loading, and that can cause CLS. @Bernardoow I added a link to the PR that introduced that |
|
Heeeyy @icyJoseph !! Thank you !! I'm new with NextJS and with your link I got what I was looking for. I found where was added the
|
This workground only works in client components |
Verify canary release
Provide environment information
Operating System:
Platform: darwin
Arch: arm64
Version: Darwin Kernel Version 21.6.0: Sun Nov 6 23:29:57 PST 2022; root:xnu-8020.240.14~1/RELEASE_ARM64_T8101
Binaries:
Node: 18.12.1
npm: 9.3.1
Yarn: 3.3.1
pnpm: N/A
Relevant packages:
next: 13.1.5-canary.2
eslint-config-next: 13.1.4
react: 18.2.0
react-dom: 18.2.0
Which area(s) of Next.js are affected? (leave empty if unsure)
Image optimization (next/image, next/legacy/image)
Link to the code that reproduces this issue
https://github.com/ennair/next-test/tree/next-image-test
To Reproduce
Describe the Bug
When using next/image it always adds inline styling on the image. It adds: style="color:transparent".
Also in case I add my own styling. Because of this, I get a CSP error. I have to add style-src 'unsafe-inline', which I do not want to add.
Expected Behavior
Next/image should not add inline styling on the image component.
Which browser are you using? (if relevant)
No response
How are you deploying your application? (if relevant)
No response
The text was updated successfully, but these errors were encountered: