emoji-picker-react icon indicating copy to clipboard operation
emoji-picker-react copied to clipboard

Published 20 hours ago verified publisher icon ealush

unsafe-inline needed for CSP header

Open penfold45 opened this issue 4 years ago • 1 comments
trafficstars

I did not notice but you are also injecting inline css which would require unsafe-inline to be set in the header which is again not great.

Is there a way to stop the inline styles? I am using INLINE_RUNTIME_CHUNK=false npm run build which has removed all the other inline styles.

Thanks

Originally posted by @penfold45 in https://github.com/ealush/emoji-picker-react/issues/181#issuecomment-804267208

penfold45 avatar May 06 '21 15:05 penfold45

Hm. Yes. I can understand why this happens. Unfortunately, the picker is bundled in a way that relies on injecting the style tags at least for this major version. Next version may change it, but it may take a while.

Would consuming the picker from source work for you in that case? You will have to bundle it yourself, but will have full control of the styles injection.

If so, I'll remove the source from npmingnore.

ealush avatar May 19 '21 10:05 ealush