react-tooltip icon indicating copy to clipboard operation
react-tooltip copied to clipboard
verified publisher icon ReactTooltip

The Insecure option does not work

Open eltoro opened this issue 4 years ago • 5 comments

The readme says:

Whether to inject the style header into the page dynamically (violates CSP style-src but is a convenient default)

But looking at the code it appears to be unused. Is this correct? Is there any way to not inject the styles?

eltoro avatar May 05 '21 12:05 eltoro

I am facing the same issue.

rahulsinghk avatar Nov 15 '21 08:11 rahulsinghk

Insecure option is not working for me too

simonantony12 avatar Dec 13 '21 14:12 simonantony12

not work for me either

shye0000 avatar Jan 28 '22 16:01 shye0000

I switched to OverlayTrigger, Tooltip from react-bootstrap. It works fine with strict csp

simonantony12 avatar Jan 28 '22 16:01 simonantony12

Yeah, it's unused:

https://github.com/wwayne/react-tooltip/blob/master/src/index.js#L149-L155

alexlouden avatar Feb 04 '22 07:02 alexlouden

If someone is still using v4, disableInternalStyle prop prevents styles from being injected.

a1sey avatar Oct 12 '23 09:10 a1sey

If anyone has issues with this and cannot enable the style-src 'unsafe-inline' CSP rule, do this:

import { Tooltip } from "react-tooltip";

import "react-tooltip/dist/react-tooltip.css";

export function Test () {
  return (
    <Tooltip
      // ...
      disableStyleInjection="core"
    />
  );
}

fabiolmorato avatar Feb 06 '24 12:02 fabiolmorato