progress icon indicating copy to clipboard operation
progress copied to clipboard
verified publisher icon inertiajs

CSP Nonce Support

Open ajsheldon93 opened this issue 3 years ago • 2 comments

Getting the error: vendor.js:653 Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' https://fonts.googleapis.com 'nonce-gNubTa9xLIALXt6z6cKEdnsNwMUGMx6d'". Either the 'unsafe-inline' keyword, a hash ('sha256-UTjtaAWWTyzFjRKbltk24jHijlTbP20C1GUYaWPqg7E='), or a nonce ('nonce-...') is required to enable inline execution.

This is caused by the inline styles injected from this plugin.

Can support for a nonce be added? unsafe-inline is not allowed in my application.

ajsheldon93 avatar Apr 04 '22 14:04 ajsheldon93

Have this same problem on mine as well, looking forward to have a solution for this

d8vjork avatar Jun 15 '22 12:06 d8vjork

It's not resolving the nonce issue but to get around it I did the following:

  1. When initializing InertiaProgress set 'includeCSS' to false;
InertiaProgress.init({ includeCSS: false });
  1. In my main CSS file import the default nprogress css;
@import 'nprogress/nprogress.css';
  1. Then override the default colours;
#nprogress .bar {
    background: #29d;
}

#nprogress .peg {
    box-shadow: 0 0 10px #29d, 0 0 5px #29d;
}

#nprogress .spinner-icon {
    border-top-color: #29d;
    border-left-color: #29d;
}

RJ2020DD avatar Jul 06 '22 13:07 RJ2020DD