OfficeDev / msteams-ui-components

Empowering developers to build beautiful Microsoft Teams integrations
MIT License
93 stars 29 forks

Nonce implementation for typestyle package #192

Open shefalikuk opened 5 years ago

shefalikuk commented 5 years ago

Nonce implementation for typestyle package. This causes an issue with loading inline styles, and hence it is blocked by the style-src directive of Content-Security-Policy.

Reference link here: https://github.com/typestyle/typestyle/pull/267

MatSFT commented 5 years ago

With the way this library is written, all of our styles end up injected into the DOM directly instead of referenced from another file that gets pulled from the server. I don't think setting the nonce will make a difference.

MatSFT commented 5 years ago

If you have a PR with the suggested change, we will be sure to look at it.

iyerswapnil94 commented 5 years ago

Raised the PR mentioned above. Content-Security-Policy (when implemented) should have the same random number present in the nonce attribute. Currently the random number is hardcoded. It can be made to be generated randomly.
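
The requirement discussed in this thread (the nonce in the `style-src` directive must match the `nonce` attribute on the injected `<style>` tag, and must be random per response rather than hardcoded) can be checked mechanically. The following is an added example, not code from this thread, typestyle or msteams-ui-components; the function names, the sample CSS and the regex-based HTML scan are assumptions made for illustration.

```javascript
const { randomBytes } = require("node:crypto");

// Fresh, unpredictable nonce for every response (128 bits, base64).
function newNonce() {
  return randomBytes(16).toString("base64");
}

// Build one response: the CSP header and the inline <style> share one nonce.
// `css` stands in for the stylesheet text a CSS-in-JS library would inject.
function renderResponse(css, nonce = newNonce()) {
  return {
    headers: { "Content-Security-Policy": `default-src 'self'; style-src 'self' 'nonce-${nonce}'` },
    body: `<html><head><style nonce="${nonce}">${css}</style></head><body></body></html>`,
  };
}

// Nonces allowed by the style-src directive (default-src fallback not handled).
function styleNonces(csp) {
  const directive = csp.split(";").map((d) => d.trim().split(/\s+/))
    .find((tokens) => tokens[0].toLowerCase() === "style-src") || [];
  return directive
    .map((t) => /^'nonce-([A-Za-z0-9+\/_-]+={0,2})'$/.exec(t))
    .filter(Boolean)
    .map((m) => m[1]);
}

// Audit a batch of responses: every inline <style> must carry a nonce the
// policy allows, and no nonce may appear in more than one response.
function auditResponses(responses) {
  const findings = [];
  const seen = new Set();
  responses.forEach((res, i) => {
    const allowed = styleNonces(res.headers["Content-Security-Policy"] || "");
    for (const [, attrs] of res.body.matchAll(/<style\b([^>]*)>/gi)) {
      const m = /\bnonce="([^"]*)"/.exec(attrs);
      if (!m) findings.push(`response ${i}: <style> without nonce`);
      else if (!allowed.includes(m[1])) findings.push(`response ${i}: nonce not in style-src`);
    }
    for (const n of allowed) {
      if (seen.has(n)) findings.push(`response ${i}: nonce reused`);
      seen.add(n);
    }
  });
  return findings;
}
```

A hardcoded value passes the per-response match but is flagged as reused as soon as two responses are audited together, which is the case the last comment describes.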