Open vilidou opened 2 years ago
@vilidou as Griffel is used for styling, you can use createDOMRenderer()
API to create a renderer with required attributes, for example:
import * as React from "react";
import { createDOMRenderer, RendererProvider } from "@griffel/react";
function AppContainer(props) {
const { children, targetDocument = document } = props;
const renderer = React.useMemo(
() =>
createDOMRenderer(targetDocument, {
styleElementAttributes: {
nonce: "random" /* you can a value that works for you there */,
},
}),
[targetDocument]
);
return (
<RendererProvider renderer={renderer} targetDocument={targetDocument}>
{/* Children components */}
{children}
</RendererProvider>
);
}
@layershifter this could work - but are there plans to support nonce at of the box?
@tomi-msft - the script above forces users to know about implementations details (Griffel) - so IMO we should not close this issue?
@layershifter this could work - but are there plans to support nonce at of the box?
We don't have a feature request for that in Griffel and AFAIK there is no CSS-in-JS that supports it out of the box. More or less, we are currently in the same position as styled-components
: https://github.com/styled-components/styled-components/issues/2363#issuecomment-895464410
We are working on an application that requires strict Content Security Policies (CSP). When using icons from this library, we get CSP violations because the library injects inline
<style>
elements without using ournonce
.Here is the error:
I noticed that we are using griffel to add inline style (@griffel/core/renderer/getStyleSheetForBucket.esm.js) and their team recently added support for
nonce
- see https://github.com/microsoft/griffel/pull/86I am not seeing any
nonce
/csp topics in this repo. How can I use these icons with strict CSP policies ?