search

FortAwesome / angular-fontawesome

Official Angular component for Font Awesome 5+
https://fontawesome.com
MIT License
1.49k stars 152 forks source link

CSP error appeared since installing version 15 #453

Closed tom-vism closed 1 month ago

tom-vism commented 2 months ago

Describe the problem

In our application we have to comply to strict CSP policy requirements. We add nonce tag to all our inline styles. We were using this package all the time and did not have the issue, but since upgrading from version 0.14.1 to version 0.15 a CSP error appeared.

image

What did you expect?

No CSP errors in version 0.15.

Reproducible test case

In the example nonce is defined in index.html and is set with CSP nonce provider in main.ts. Importing and using fa-icon shows csp error in the console.

https://stackblitz.com/edit/euctsg-bfqynn?file=src%2Fmain.ts

devoto13 commented 2 months ago

Well, if you downgrade the library to 0.14.1 in that StackBlitz, you'll still get the CSP error 🤷

I wonder if you have configured @fortawesome/fontawesome-svg-core and set autoAddCss = false (docs). And then either added the styles manually with nonce=3JfBRn4Ph2hfsDzl+NFNzopACC4= attribute elsewhere or loaded it from the https URL.

Most likely this change is a culprit and you need to disable automatic style insertion using the new configuration property to get rid of the error - see Adding CSS guide for more details.

tom-vism commented 1 month ago

Yes, I had configured the @fortawesome/fontawesome-svg-core to autoAddCss = false. The styles were added manually and loaded via angular.json "styles" property. I followed the guide you provided, and seems that CSS issue is gone.