palantir / dropwizard-web-security

A Dropwizard bundle for applying default web security functionality
https://bintray.com/palantir/releases/dropwizard-web-security/view
Apache License 2.0

allow inline styles #52

Closed jmcampanini closed 8 years ago

jmcampanini commented 8 years ago

the current default for ContentSecurityPolicy is default-src 'self'

would like to change this to allow inline CSS for dynamic elements. the change would be to:

default-src 'self'; style-src 'self' 'unsafe-inline'

@adidahiya will this be sufficient for your needs?

// tagging for SA @akroy @qinfchen @tomshen

adidahiya commented 8 years ago

:+1: sgtm

hellochar commented 8 years ago

:+1: we're currently overriding the csp in our product to allow for this
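
The effect of the policy change proposed in this issue, as an added example that is not code from dropwizard-web-security or from the commenters: it resolves which source list governs `style-src` and `script-src` under each of the two quoted policies, showing that the new `style-src` entry permits inline styles while scripts still fall back to `default-src 'self'`. All function and constant names are hypothetical.

```javascript
// Added example; function names are hypothetical, not dropwizard-web-security API.

// Parse a CSP header value into a Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // When a directive is repeated, browsers keep the first occurrence.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Source list governing script-src or style-src: its own list if declared,
// otherwise default-src. Returns null when neither is set (no restriction).
function effectiveSources(policy, directive) {
  const directives = parseCsp(policy);
  if (directives.has(directive)) return directives.get(directive);
  return directives.has('default-src') ? directives.get('default-src') : null;
}

// Inline content passes only when 'unsafe-inline' is listed and no nonce or
// hash source sits in the same list (CSP Level 2+ then ignores 'unsafe-inline').
function allowsInline(policy, directive) {
  const sources = effectiveSources(policy, directive);
  if (sources === null) return true;
  const lower = sources.map((s) => s.toLowerCase());
  const hasNonceOrHash = lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  return lower.includes("'unsafe-inline'") && !hasNonceOrHash;
}

// The two policies quoted in the issue.
const CURRENT_DEFAULT = "default-src 'self'";
const PROPOSED_DEFAULT = "default-src 'self'; style-src 'self' 'unsafe-inline'";

function compare(policy) {
  return {
    inlineStyles: allowsInline(policy, 'style-src'),
    inlineScripts: allowsInline(policy, 'script-src'),
  };
}

console.log('current :', compare(CURRENT_DEFAULT));
console.log('proposed:', compare(PROPOSED_DEFAULT));
```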