cxs-css / cxs

fast af css-in-js in 0.7kb
MIT License
1.19k stars 68 forks source link

feat(CSP): allow nonce #97

Open arahansen opened 6 years ago

arahansen commented 6 years ago

adding functionality for a nonce attribute to be applied to the injected style tag. This allows stricter CSP security settings to be applied server side, while still allowing for style injection.

This follows a convention set by webpack as seen here (it's essentially undocumented functionality).

And follows a similar setup to how styled components implements nonce attributes.

I tried to keep the bundle size under 1KB, but opted to bump up the threshold in favor of retaining readability of the file. If keeping it to 1KB is important, I can look for other savings? or maybe start uglifying this file to be a more representative format of what most consumers will ingest this lib as.

codecov-io commented 6 years ago

Codecov Report

Merging #97 into master will not change coverage. The diff coverage is 100%.

Impacted file tree graph

@@          Coverage Diff          @@
##           master    #97   +/-   ##
=====================================
  Coverage     100%   100%           
=====================================
  Files           4      4           
  Lines         107    109    +2     
=====================================
+ Hits          107    109    +2
Impacted Files Coverage Δ
src/monolithic.js 100% <100%> (ø) :arrow_up:

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 61e40b2...bd2ad91. Read the comment docs.