Dropzone triggers a CSP style unsafe-inline error

[PlopTheReal]

When applying a strict CSP, dropzone raised the following errors: Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' 'nonce-mzYt1mIqhW+Sq+xEEMiM6g=='". Note that 'unsafe-inline' is ignored if either a hash or nonce value is present in the source list.

[thecodejack]

Can you please share a PR with the fix?

[arackaf]

Ummm are you sure this is a bug with this library? It sounds like CSP is erroring out on the standard Svelte styling. This library uses the regular Svelte styling feature, which emits scoped css classes at runtime.

It sounds like this is triggering an error in your CSP. I don't think there's a way around that. Anything using this Svelte feature will cause the same error.

If I'm mistaken though feel free to share a repro here and re-open the issue.