Notistack v3 doesn't support CSP

Open EdisonHarada opened this issue 1 year ago • 5 comments

The v3 does not support CSP (content security policy) as it uses goober to create the CSS.

Expected Behavior

When the CSS is created by Notistack we should be able to pass the property "nonce" to be injected on the style tag.

Current Behavior

Nothing can be injected on the style tag.

Context

CSP: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

Your Environment

Tech Version
Notistack v3.0.1
React 18.2.0

EdisonHarada, Mar 14 '23 11:03
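Why the nonce on the injected style tag matters, as an added example that is not part of the original issue and is not notistack or goober code: a simplified version of the decision a browser makes for an inline `<style>` element under a CSP. The policy strings, the nonce value and the function names are constructed for illustration, and hash-source matching is left out.

```javascript
// Added example: simplified CSP decision for an inline <style> element.
// Hash sources are recognised but not matched; all policies and nonces are constructed.
function styleDirective(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  // <style> elements are governed by style-src-elem, then style-src, then default-src.
  for (const name of ['style-src-elem', 'style-src', 'default-src']) {
    if (directives.has(name)) return directives.get(name);
  }
  return null; // no applicable directive: inline styles are not restricted
}

function inlineStyleAllowed(policy, elementNonce) {
  const sources = styleDirective(policy);
  if (sources === null) return true;
  const nonces = sources
    .map((s) => /^'nonce-(.+)'$/i.exec(s))
    .filter(Boolean)
    .map((m) => m[1]);
  if (elementNonce && nonces.includes(elementNonce)) return true;
  const hasHash = sources.some((s) => /^'sha(256|384|512)-/i.test(s));
  // 'unsafe-inline' is ignored as soon as the directive lists a nonce or hash.
  const unsafeInline = sources.some((s) => s.toLowerCase() === "'unsafe-inline'");
  return unsafeInline && nonces.length === 0 && !hasHash;
}

// Constructed policy: only styles carrying this response's nonce may apply.
const POLICY = "default-src 'self'; style-src 'self' 'nonce-c29tZSByYW5kb20'";

function demo() {
  return {
    // A <style> tag appended at runtime with no nonce attribute (the case in this issue).
    runtimeStyleNoNonce: inlineStyleAllowed(POLICY, null),
    // The same tag if the library could stamp the page nonce onto it.
    runtimeStyleWithNonce: inlineStyleAllowed(POLICY, 'c29tZSByYW5kb20'),
    // Adding 'unsafe-inline' beside a nonce does not rescue the tag.
    unsafeInlineBesideNonce: inlineStyleAllowed(
      "style-src 'nonce-c29tZSByYW5kb20' 'unsafe-inline'", null),
  };
}
```

With a nonce-based `style-src`, the only policy-side way to admit a nonce-less runtime style tag is to drop the nonce and fall back to `'unsafe-inline'`, which weakens the policy for every inline style on the page.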

We just discovered the same issue after stage deployment where CSP is available. Meanwhile will revert to previous version.

drekinov, Mar 15 '23 09:03

Probably linked to https://github.com/cristianbote/goober/issues/471 (which contains a workaround)

pcorpet, Aug 20 '23 20:08

The "goober workaround" does not work. Reverting notistack to 2.0.8 works just fine.

longsleep, Oct 27 '23 11:10

Is there a plan to get this fixed soon?

goodslav, Dec 01 '23 15:12

Can I expect this to be fixed in the near future?

I'm considering replacing Notistack soon because downgrading to v2 isn't an option for us, and the CSP errors are going to be noticed on a pentest of our app.

darlantc, May 09 '24 17:05