To harden an app's content security policy, one may need to pass a nonce to the <style> tag to whitelist that inline style for strict CSP policies; this app just hardcodes a <style> tag with no nonce so it doesn't allow providing one. Would be great if that weren't the case!
To harden an app's content security policy, one may need to pass a
nonceto the<style>tag to whitelist that inline style for strict CSP policies; this app just hardcodes a<style>tag with no nonce so it doesn't allow providing one. Would be great if that weren't the case!