Open mawinter69 opened 3 weeks ago
Hmm. Are such strict CSPs common? I commonly saw "safe" policies using "unsafe-inline" for styles. Even https://csp-evaluator.withgoogle.com/ does not complain about "unsafe-inline" for styles.
(Nevertheless, I do agree it would be better to change the plugin to not need such exceptions...)
What feature do you want to see added?
When you add a CssTextTheme element, this is rendered as an inline
style
element. This is a violation of common CSP settings. The Element should either be deprecated or changed in a way so that it generates an url from were the css is loaded e.g. via anUnprotectedRootAction
Upstream changes
No response
Are you interested in contributing this feature?
No response