Would it be possible to add an option to add a nonce value eg 'nonce': <%:csp_nonce%>' to the initialisation of glightbox which is then passed on to the dynamically generated tags?
I have a content security policy on my website and I'm loading the script with:
<script nonce="<?php echo $csp_nonce;?>" src="<?php echo $domain;?>/assets/vendor/glightbox/js/glightbox.min.js"></script>
I could probably modify the source code of the un-minified glightbox.js script, as it generates dynamic script and style tags when the lightbox is enabled and navigation appears etc, and using 'strict-dynamic' in the CSP does not seem to work.
If you add the Plyr script statically before the Glightbox script, it should work. Glightbox checks for Plyr in the window object before adding the assets.
Hi,
Would it be possible to add an option to add a nonce value eg
'nonce': <%:csp_nonce%>'
to the initialisation of glightbox which is then passed on to the dynamically generated tags?I have a content security policy on my website and I'm loading the script with:
<script nonce="<?php echo $csp_nonce;?>" src="<?php echo $domain;?>/assets/vendor/glightbox/js/glightbox.min.js"></script>
I could probably modify the source code of the un-minified glightbox.js script, as it generates dynamic script and style tags when the lightbox is enabled and navigation appears etc, and using 'strict-dynamic' in the CSP does not seem to work.