search

emotion-js / emotion

👩‍🎤 CSS-in-JS library designed for high performance style composition
https://emotion.sh/
MIT License
17.49k stars 1.11k forks source link

CSP Nonce dont apply when use prop speedy false #2708

Open SrVieira opened 2 years ago

SrVieira commented 2 years ago

Current behavior:

We use nonce to prevent CSP problems and this case the prop speedy: true is necessary. But when run application on safari and ios 15 I had a problem with shadow dom. Like here: https://github.com/emotion-js/emotion/issues/2508. I followed a tip of this thread and setting up the speedy to false but this dont works together with the nonce and appear CSP violations errors on browser.

Shadow dom problem dont ocurr on latest version of IOS and Safari

Works only on IOS/Safari latest versions:

const emotionCache = createCache({
    key: 'emotion-key',
    speedy: true,
    prepend: true,
    nonce: nonce
});

Work on IOS/Safari all versions but broken CSP:

const emotionCache = createCache({
    key: 'emotion-key',
    speedy: false,
    prepend: true,
    nonce: nonce
});
Andarist commented 2 years ago

Please always try to share a repro case in a runnable form - either by providing a git repository to clone or a codesandbox. OSS maintainers usually can't afford the time to set up the repro, even if exact steps are given.