Two previous issues (#463 & #477) went a long way to making tarteaucitron play nicely with Content-Security-Policy headers. However, there are still two places where inline styles are used triggering a CSP error unless style-src 'unsafe-inline' is specified.
I'm not confident enough in the code to submit this as a PR, but the problems are as follows.
html += ' <button type="button" class="tarteaucitronDeny" style="visibility:hidden" tabindex="-1">';
I think that fixing this might require some new CSS / another class. I see there's a tarteaucitronHidden already but it doesn't do quite the same thing.
Two previous issues (#463 & #477) went a long way to making tarteaucitron play nicely with Content-Security-Policy headers. However, there are still two places where inline styles are used triggering a CSP error unless
style-src 'unsafe-inline'
is specified.I'm not confident enough in the code to submit this as a PR, but the problems are as follows.
The first is on line 531:
I think that fixing this might require some new CSS / another class. I see there's a tarteaucitronHidden already but it doesn't do quite the same thing.
The second is on line 639:
It seems the "display: block" here overrides the "display: none" in the CSS:
And in my tests, simply removing the "display: none" seems to fix it.