CSP usage doesn't work in all cases - Githubissues

primefaces / primevue

Next Generation Vue UI Component Library

https://primevue.org

MIT License

10.48k stars 1.22k forks source link

CSP usage doesn't work in all cases #5451

Open opterus opened 7 months ago

opterus commented 7 months ago

Describe the bug

We have the nonce configured as part of the PrimeVue setup, but there are still many warnings.

They seem to come from a few places as seen in the screenshot.

Reproducer

https://stackblitz.com/edit/primevue-create-vue-issue-template-qkd4pt

PrimeVue version

3.50.0

Vue version

3.x

Language

TypeScript

Build / Runtime

Vue CLI App

Browser(s)

No response

Steps to reproduce the behavior

Use the reproducer, you will immediately see the console warning, also hovering over the button will produce another warning.

Screenshot 2024-03-20 at 12 13 01 PM

Expected behavior

No warning or errors in the console

opterus commented 7 months ago

The nonce is configured like this:

app.use( PrimeVue, { ripple: true, csp: { nonce: " }, } );