Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

CSP Issues

See original GitHub issue

Hello @zVolodymyr,

Unfortunately the creation of those style blocks result in violations to csp settings in regards to inline-styles. Do you see any possibility to introduce an option, to style all elements directly with js calls, instead of providing a style block?

Thanks and best regards

Thiemo

Issue Analytics

State:
Created 2 years ago
Reactions:1
Comments:6 (2 by maintainers)

Top GitHub Comments

3reactions

VolodymyrBaydalkacommented, Nov 17, 2021

As far as I know csp restricts from appending <style> into document, but not from creating <style> element. Knowing that, there is one quick workarround but only for chrome (for know), but maybe it will give you some ideas for futher investigation:

var container = document.getElementById("doc");
// create dummy container for styles
var stylesContainer = document.createElement("div");

docx.renderAsync(file, container, stylesContainer).then(function(x){ 
    // convert rendered styles into CSSStyleSheet
    var styles = Array.from(stylesContainer.children).map(s => {
        var css = new CSSStyleSheet();
        css.replaceSync(s.innerHTML);
        return css;
    }); 

    // apply styles to document
    document.adoptedStyleSheets = styles;
    // or apply styles to each element of content container manually
});

0reactions

theimo1221commented, Nov 18, 2021

#17 resolves the topic for me.

Top Results From Across the Web

Content Security Policy (CSP) - HTTP - MDN Web Docs

Chrome Edge Content‑Security‑Policy Full support. Chrome25. more. Toggle history Full sup... base‑uri Full support. Chrome40. Toggle history Full sup... block‑all‑mixed‑content. Deprecated Full support. ChromeYes. Toggle history...

blocked:csp Understanding why CSP blocks resources

You may be seeing blocked:csp in Chrome developer tools when the browser is trying to load a resource. It might show up in...

The negative impact of incorrect CSP implementations - Invicti

This post examines incorrect CSP implementations on the New Yorker and Blogger and points out common issues in CSP implementations.

What is Content Security Policy (CSP) | Header Examples

A Content Protection Policy (CSP) adds protection measures against XSS, clickjacking, and other code injection attacks. Learn how.

Implementing CSP and Trusted Types debugging in Chrome ...

This blog post is about the implementation of DevTools support for debugging Content Security Policy (CSP) issues with the help of the ...