Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Feature request: Make vanilla-picker work with strict CSP header
See original GitHub issueHi! We are trying to migrate to a stricter Content-Security-Policy header. However, this currently does not work with vanilla-picker. The header we want to enforce is as follows:
Content-Security-Policy: img-src 'self' data:; default-src 'self'
This header causes dynamically injected <style> elements to no longer work. They will be ignored and produce an error. Example in Chrome:
Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". [...]
./node_modules/vanilla-picker/dist/vanilla-picker.mjs @ vanilla-picker.mjs:504
The way to fix this could be to add a new option externalCss: true somewhere, which would prevent the dynamic <style> injection. Additionally the user would have to manually import the CSS file using a <link> element, or bundling it in webpack.
Note that directly applying styles to an element is not affected by this, e.g. uiSL.style.color = ... still works fine.
Issue Analytics
- State:
- Created 2 years ago
- Comments:9 (5 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Works perfectly now! Many thanks! ❤️
Ok, we’re getting closer 😃 Try
v2.12.1