nibtime / next-safe-middleware

Strict CSP (Content-Security-Policy) for Next.js hybrid apps https://web.dev/strict-csp/
https://next-safe-middleware.vercel.app
MIT License
78 stars 20 forks

Pass in arbitrary script hashes? #81

Open fymmot opened 1 year ago

fymmot commented 1 year ago

Hi! I am using next-themes for darkmode functionality on my site, which is inserting a script block into the <body>.

This block isn't trustified by next-safe-middleware and causing a CSP error. I was wondering if it is possible to hash it manually and pass the hash to the CSP policy somehow?

I tried creating a script-src directive and adding the hash, but the policy appears to be overwritten when the site is deployed:

'script-src': [
  'self',
  'sha256-eMuh8xiwcX72rRYNAGENurQBAcH7kLlAUQcoOri3BIo=',
],

Is there a way to achieve this? (Apologies in advance if I have missed something obvious)