CSP support solution conflicts with CSP hashes directives

Created on 12 April 2024, 9 months ago
Updated 3 May 2024, 8 months ago

Problem/Motivation

The solution to the parent issue was to add the 'unsafe-inline' directive to the CSP on pages where Editoria11y is active. However, this is in conflict with situations where a security policy is already using hashes to allow specific inline style element. If a hash is present, the 'unsafe-inline' is ignored. In my case, I use hashes to allow inline style inserted by the drupal/lazy contrib module and one other module. Because of the way the parent issue was solved, I have to choose one of the following solutions:

- Don't use Editoria11y;
- Don't use any other module that applies an inline style element; or
- Always allow unsafe-inline.

✨ Feature request
Status

Fixed

Version

2.1

Component

Conflicts with other modules

Created by

πŸ‡ΊπŸ‡ΈUnited States aaronpinero

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Production build 0.71.5 2024