You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
I'm frustrated because I cannot use the ResponsiveBar component on my app because my CSP policy uses style-src 'self' 'nonce-${cspNonce}'. It blocks the component and nothing is rendered.
It is interesting that the component ResponsiveTimeRange works fine but ResponsiveBar and ResponsiveMarimekko does not work with the refered csp policy enabled. Maybe some dependencies in some components are triggering the CSP.
Describe the solution you'd like
A clear and concise description of what you want to happen.
I would like to be able to add a attribute "nonce ={nonce}" on the Nivo Component and be able to use it with the CSP style-src 'self' 'nonce-${cspNonce}' set.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
I don't want to use unsafe-inline or unsafe-eval for security reasons. I prefer using nonce.
Additional context
Add any other context or screenshots about the feature request here.
Here is a screenshot of the csp error that blocks the nivo component:
The text was updated successfully, but these errors were encountered:
joaoguidev
changed the title
Improve Safety: Add a nonce parameter to Nivo components so it conforms with Content Security Policy (CSP) style-src 'self' 'nonce-${cspNonce}'Mar 6, 2024
Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
I'm frustrated because I cannot use the ResponsiveBar component on my app because my CSP policy uses style-src 'self' 'nonce-${cspNonce}'. It blocks the component and nothing is rendered.
It is interesting that the component ResponsiveTimeRange works fine but ResponsiveBar and ResponsiveMarimekko does not work with the refered csp policy enabled. Maybe some dependencies in some components are triggering the CSP.
Describe the solution you'd like
A clear and concise description of what you want to happen.
I would like to be able to add a attribute "nonce ={nonce}" on the Nivo Component and be able to use it with the CSP style-src 'self' 'nonce-${cspNonce}' set.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
I don't want to use unsafe-inline or unsafe-eval for security reasons. I prefer using nonce.
Additional context
Add any other context or screenshots about the feature request here.
Here is a screenshot of the csp error that blocks the nivo component:
The text was updated successfully, but these errors were encountered: