
Nonces are not applied to inline CSS styles

Open rbclark opened this issue 1 year ago • 0 comments

In my Rails application I have both style and script tags set up to require nonces. When bullet loads with a CSP required it properly handles script tags but does not add a nonce to style tags. This causes errors to show up on the console but causes no errors to actually show up on the page.

Relevant parts of the content security policy:

  config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
  config.content_security_policy_nonce_directives = %w[script-src style-src]

rbclark, Mar 23 '23 21:03
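
A check for the condition reported above, as an added example that is not code from the issue or from the Bullet project: given a response's `Content-Security-Policy` header and HTML body, it lists inline `<script>` and `<style>` elements that carry no nonce accepted by the matching directive. The function names, the sample header and the sample HTML are constructed for illustration; the check only covers directives that list a nonce and ignores `default-src` fallback and hash sources.

```ruby
# Added example: hypothetical helper names, constructed sample data, stdlib only.

# Map each directive to the nonces it allows, e.g. {"style-src" => ["abc"]}.
def csp_nonces(header)
  header.split(";").each_with_object({}) do |part, out|
    name, *sources = part.strip.split(/\s+/)
    next if name.nil?
    out[name.downcase] = sources.filter_map { |s| s[/\A'nonce-([^']+)'\z/, 1] }
  end
end

# Inline <script>/<style> elements whose nonce attribute is missing or is not
# listed in the matching directive. Scripts with src= are external and skipped.
def blocked_inline_tags(html, csp_header)
  nonces = csp_nonces(csp_header)
  html.scan(/<(script|style)\b([^>]*)>/i).filter_map do |tag, attrs|
    tag = tag.downcase
    next if tag == "script" && attrs =~ /\ssrc\s*=/i
    allowed = nonces["#{tag}-src"]
    next if allowed.nil? || allowed.empty? # directive does not use nonces
    nonce = attrs[/\snonce\s*=\s*["']?([^"'\s>]+)/i, 1]
    { tag: tag, nonce: nonce } unless allowed.include?(nonce)
  end
end

# Constructed sample: one policy with nonces on both directives, and a page
# where a third-party footer injected a <style> element without a nonce.
SAMPLE_CSP = "script-src 'self' 'nonce-r4nd0m'; style-src 'self' 'nonce-r4nd0m'"
SAMPLE_HTML = <<~HTML
  <script nonce="r4nd0m">console.log("app")</script>
  <style nonce="r4nd0m">body { margin: 0 }</style>
  <style>#injected-footer { position: fixed }</style>
  <script src="/assets/app.js"></script>
HTML

if __FILE__ == $PROGRAM_NAME
  blocked_inline_tags(SAMPLE_HTML, SAMPLE_CSP).each do |t|
    puts "would be blocked: <#{t[:tag]}> nonce=#{t[:nonce].inspect}"
  end
end
```

Run against a captured response body in a request spec or integration test, this turns the console-only CSP violations into a failing assertion.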