react-sortable-tree-theme-full-node-drag icon indicating copy to clipboard operation
react-sortable-tree-theme-full-node-drag copied to clipboard
verified publisher icon frontend-collective

don't use style-loader in production

Open bj00rn opened this issue 4 years ago • 1 comments

style-loader forces inline <style /> tags upon users of this library.

This is a security problem since it prevents the application of sane CSP configuration. ( requires style-src 'unsafe-inline';)

Webpack 4 has the superawesome MinCssExtractPlugin this purpose, this enables users of this library to use the webpack plugin pipline (html-webpack-plugin et al.) to decide if the wan't to inline the library styles or use them in a bundle.

The PR includes

  • use MinCssExtractPlugin plugin in production builds - upgrade to Webpack 4 in order to use MiniCssExtractPlugin

bj00rn avatar Mar 12 '21 14:03 bj00rn

@fritz-c any thoughts?

bj00rn avatar Mar 09 '23 10:03 bj00rn