iamhosseindhv / notistack

Highly customizable notification snackbars (toasts) that can be stacked on top of each other
https://notistack.com

Notistack v3 doesn't support CSP #552

Open EdisonHarada opened 1 year ago

EdisonHarada commented 1 year ago

v3 does not support CSP (Content Security Policy), as it uses goober to create the CSS.

Expected Behavior

When the CSS is created by Notistack we should be able to pass the property "nonce" to be injected on the style tag.

Current Behavior

Nothing can be injected on the style tag.

Context

CSP: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

Your Environment

| Tech | Version |
| --- | --- |
| Notistack | v3.0.1 |
| React | 18.2.0 |

drekinov commented 1 year ago

We just discovered the same issue after a stage deployment where CSP is available. Meanwhile, we will revert to the previous version.

pcorpet commented 1 year ago

Probably linked to https://github.com/cristianbote/goober/issues/471 (which contains a workaround)

longsleep commented 1 year ago

The "goober workaround" does not work. Reverting notistack to 2.0.8 works just fine.

goodslav commented 12 months ago

Is there a plan to get this fixed soon?

darlantc commented 6 months ago

Can I expect this to be fixed in the near future?

I'm considering replacing Notistack soon because downgrading to v2 isn't an option for us, and the CSP errors are going to be noticed in a pentest of our app.
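
The behaviour reported in this issue, as an added example that is not part of the thread and is not notistack or goober code: a simplified model of how a browser decides whether an inline `<style>` element is applied under a nonce-based `style-src`, which is why a style tag created at runtime without a `nonce` attribute is blocked. The policy string, the nonce value and all function names are constructed for illustration.

```javascript
// Added example: simplified CSP Level 3 check for inline <style> elements.
// Nonces are matched; hash values and 'strict-dynamic' are not evaluated.

// Parse a Content-Security-Policy header value into Map(directive -> sources).
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // Per the spec, the first occurrence of a directive wins.
    if (name && !policy.has(name.toLowerCase())) {
      policy.set(name.toLowerCase(), sources);
    }
  }
  return policy;
}

// Directive governing <style> elements: style-src-elem, style-src, default-src.
function effectiveStyleSources(policy) {
  for (const name of ['style-src-elem', 'style-src', 'default-src']) {
    if (policy.has(name)) return policy.get(name);
  }
  return null; // no applicable directive: inline styles are not restricted
}

// Would an inline <style nonce="..."> be applied under this policy?
function inlineStyleAllowed(header, nonceAttr) {
  const sources = effectiveStyleSources(parseCsp(header));
  if (sources === null) return true;
  const nonces = sources
    .filter((s) => /^'nonce-[A-Za-z0-9+\/_-]+={0,2}'$/.test(s))
    .map((s) => s.slice(7, -1)); // strip leading 'nonce- and trailing '
  const hasHash = sources.some((s) => /^'sha(256|384|512)-/i.test(s));
  if (nonceAttr && nonces.includes(nonceAttr)) return true;
  // 'unsafe-inline' is ignored once the directive lists a nonce or hash.
  const unsafeInline = sources.some((s) => s.toLowerCase() === "'unsafe-inline'");
  return unsafeInline && nonces.length === 0 && !hasHash;
}

// Constructed sample policy and nonce value (not taken from the issue).
const SAMPLE_CSP = "default-src 'self'; style-src 'self' 'nonce-r4nd0mPerResponse'";

function demo() {
  return {
    runtimeStyleNoNonce: inlineStyleAllowed(SAMPLE_CSP, undefined),
    styleWithNonce: inlineStyleAllowed(SAMPLE_CSP, 'r4nd0mPerResponse'),
    unsafeInlineBesideNonce: inlineStyleAllowed(SAMPLE_CSP + " 'unsafe-inline'", undefined),
  };
}
console.log(demo());
```

The third case shows that adding `'unsafe-inline'` next to an existing nonce does not unblock nonce-less style tags in browsers that support nonces.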