gitkraken
Content Security Policy (CSP) Violation on Commit Graph Commit hover
Description
A Content Security Policy (CSP) violation error occurs in the VS Code Developer Console when hovering over any commit in the GitLens Commit Graph view. This likely causes improper styling or a failure to display some styles within the hover tooltip.
Steps to Reproduce
Open a repo with a Git history in VS Code. Go to the Commit Graph section. Open the Developer Tools in VS Code (Help > Toggle Developer Tools). Navigate to the Console tab within the Developer Tools. Hover the mouse cursor over any commit node within the Commit Graph to trigger the hover tooltip (the popup showing commit details).
Expected Behavior:
The commit tooltip should display correctly with all intended styles, and no CSP errors should be logged in the Developer Console.
Actual Behavior:
Upon hovering over a commit, the following CSP violation error is displayed in the Console:
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' https://*.vscode-cdn.net 'nonce-iLlPdEfGjw3r1OtdLTiJpQ==' 'unsafe-hashes' 'sha256-e1w6UmV6eVJuQr9ktGHETAhNAeqaZF3rEpqMU4iIUoQ='". Either the 'unsafe-inline' keyword, a hash ('sha256-LJ90Anyva9NUJTdUOjiA20NhuITw4H4AyEFtBxs9ono='), or a nonce ('nonce-...') is required to enable inline execution.
https://github.com/user-attachments/assets/1c44211f-81cb-4638-a2ef-9245aa13cb0f
GitLens Version
2025.12.604
VS Code Version
Version: 1.106.3 (user setup) Commit: bf9252a2fb45be6893dd8870c0bf37e2e1766d61 Date: 2025-11-25T22:28:18.024Z Electron: 37.7.0 ElectronBuildId: 12781156 Chromium: 138.0.7204.251 Node.js: 22.20.0 V8: 13.8.258.32-electron.0 OS: Windows_NT x64 10.0.26100
Git Version
git version 2.52.0.windows.1
Logs, Screenshots, Screen Captures, etc
- Test Validate Branch Detection for Selected Commits in Run Gitlens RC 17.8 - Windows -VSCode (linked to Cycle Gitlens RC 17.8 ).
- Test Edge Case - Non-Contiguous Commits Selection in Run Gitlens RC 17.8 - Windows -VSCode (linked to Cycle Gitlens RC 17.8 ).