klendi / react-top-loading-bar

A very simple, highly customisable YouTube-like React loader component.
https://klendi.github.io/react-top-loading-bar/
MIT License
708 stars 60 forks

CSP - CSS Injector #18

Closed AndrePinto-NET closed 4 years ago

AndrePinto-NET commented 5 years ago

The CSS injector violates a secure content security policy. In order for this to work, unsafe-inline must be used on the style-src attribute.

It should be possible to define if we want to import the CSS manually or automatically. In my opinion, you could completely remove the automatic injection of CSS, because this is insecure.
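The policy behaviour reported above, as an added example that is not part of the original thread or the library's code: a small evaluator that decides whether a given Content-Security-Policy would let a script-created `<style>` element apply. The function names, the sample policies and the nonce value are constructed for illustration; the directive fallback order and the rule that a nonce or hash disables `'unsafe-inline'` follow the CSP Level 3 specification.

```javascript
// Parse a policy string into Map(directive name -> [source expressions]).
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (!name) continue;
    const key = name.toLowerCase();
    // A repeated directive is ignored by the browser; the first one wins.
    if (!directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

// opts.nonce: nonce attribute on the injected <style>, if any.
// opts.hash:  "sha256-<base64>" digest of its text, computed by the caller.
function inlineStyleAllowed(policy, opts = {}) {
  const directives = parseCsp(policy);
  // <style> elements are governed by style-src-elem, then style-src, then default-src.
  const name = ["style-src-elem", "style-src", "default-src"].find((d) => directives.has(d));
  if (!name) return { allowed: true, reason: "no directive restricts styles" };
  const sources = directives.get(name);

  const nonces = sources.filter((s) => /^'nonce-.+'$/i.test(s)).map((s) => s.slice(7, -1));
  const hashes = sources.filter((s) => /^'sha(256|384|512)-.+'$/i.test(s)).map((s) => s.slice(1, -1));

  if (opts.nonce && nonces.includes(opts.nonce)) return { allowed: true, reason: `${name}: nonce match` };
  if (opts.hash && hashes.includes(opts.hash)) return { allowed: true, reason: `${name}: hash match` };

  // 'unsafe-inline' is ignored when the same source list carries a nonce or a hash.
  const unsafeInline = sources.some((s) => s.toLowerCase() === "'unsafe-inline'");
  if (unsafeInline && nonces.length === 0 && hashes.length === 0) {
    return { allowed: true, reason: `${name}: 'unsafe-inline' present` };
  }
  return { allowed: false, reason: `${name}: inline style blocked` };
}

// Constructed sample policies: the strict one breaks an automatic CSS injector,
// the weak one is what the injector forces a site to deploy.
const STRICT = "default-src 'self'; style-src 'self'";
const WEAK = "default-src 'self'; style-src 'self' 'unsafe-inline'";
const NONCED = "style-src 'self' 'unsafe-inline' 'nonce-r4nd0m'"; // constructed nonce

function demo() {
  return [STRICT, WEAK, NONCED].map((p) => `${inlineStyleAllowed(p).allowed}  <-  ${p}`);
}
console.log(demo().join("\n"));
```

A stylesheet shipped as a separate file and imported by the application is loaded under `'self'`, so it passes the strict policy without any of these exceptions.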

klendi commented 5 years ago

@AndrePinto-NET Hello. Yes, that might be insecure, but that was the way to go with the library boilerplate generator I used. What should I replace it with? styled-components. That will just make the size huge. Also, can't make it inline since it has animations in the CSS lines. What do you suggest?

klendi commented 4 years ago

A new TypeScript version is coming that is going to fix this.

klendi commented 4 years ago

CSS injection is removed from the latest version.