You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When setting some strict CSP directive (like "default-src 'self'"), <style> tags are rejected.
I suspect a sane approach to this -without whitelisting, nonce or hash- would be to optionally call the method on the first call to inject, rather than on creation?. The css to prevent image flash would need to be included in an external css, which I feel is fairly straighforward.
Or maybe there's some other approach I'm not seeing.
The text was updated successfully, but these errors were encountered:
When setting some strict CSP directive (like "default-src 'self'"), <style> tags are rejected.
I suspect a sane approach to this -without whitelisting, nonce or hash- would be to optionally call the method on the first call to inject, rather than on creation?. The css to prevent image flash would need to be included in an external css, which I feel is fairly straighforward.
Or maybe there's some other approach I'm not seeing.
The text was updated successfully, but these errors were encountered: