CSP support solution conflicts with CSP hashes directives

When the CSP maintainers sent that code over, CSP did not support hashes or nonces. It now does. →

If you would like to help convert Editoria11y to nonce/hash based allow options, or help CSP document how to do it 📌 Provide a README Needs review , I would welcome the assistance.

Bah. I tried to get nonces working so that using nonces rather than hashes would be an option at least, but it looks like a lot of the relevant CSP module code has not landed and what has landed is not documented, so I didn't get far.

If you want to help with code or documentation, please do. Otherwise this issue might better be placed in the CSP module queue -- undocumented directives is going to guarantee module conflicts.

Alrighty then. That last commit abstracts all the CSS back out into a remote file, which removes the need for any CSP hashes or nonces at all.

This was how I did things in the 1.x branch. It makes development much more complicated for this sort of module; it makes theme conflicts more likely, I have to inject duplicate references to the file into each shadow component, and I can no longer compute values based on params that can't be converted to CSS variables...but...it looks like it works. I'll need to test more and update the docs before tagging a release...hopefully within the week.

Fixed in 2.1.11 →

Automatically closed - issue fixed for 2 weeks with no activity.

Thank you! I took a closer look at the original Sally code myself just to see what's going on here I think I understand why some of this was done the way it was done. I appreciate the effort to make it possible to run this with a CSP.