Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Map doesn't render inline styles with strict CSP #155

Open
WebDev-Akhil opened this issue Aug 1, 2024 · 0 comments
Open

[BUG] Map doesn't render inline styles with strict CSP #155

WebDev-Akhil opened this issue Aug 1, 2024 · 0 comments
Assignees
@yanivam
Labels
bug Something isn't working

Comments

@WebDev-Akhil
Copy link

Background: This is a next.js project, but this issue should be common for any web project which uses a strict Content Security Policy.

Problem: The map uses inline styles which are not rendering properly when the CSP's style-src is set to self. Adding unsafe-inline to the style-src does the job, but it is not a safe practice, so looking for better ways to handle this.

Suggested Solution: Implement a nonce in the API, so we can pass the nonce to override the styles of the map.

  <WorldMap
     color="red"
     title="Top 10 Populous Countries"
     value-suffix="people"
     size="lg"
     data={data}
     nonce={nonce} //where nonce is a random string passed as a prop. 
  />

More info: https://content-security-policy.com/examples/allow-inline-style/

Screenshot:
image
@WebDev-Akhil WebDev-Akhil added the bug Something isn't working label Aug 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yanivam yanivam

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yanivam @WebDev-Akhil