podlove-ui icon indicating copy to clipboard operation
podlove-ui copied to clipboard

Published 20 hours ago verified publisher icon podlove

CSP, Content Security Policy

Open itst opened this issue 3 years ago • 2 comments

I am struggling to make the webplayer work on a site using CSP.

The issue seems to be that Podlove, once loaded from the whitelisted cdn.podlove.org location, and using a nonce'd episode config, sets out to create additional script, style, and iframe tags. The ifames contain additional script and style tags.

Console looks like this: https://imgur.com/T3m8khq

Before I get into an argument to 'unsafe-inline' everything, is CSP support anywhere on your roadmap?

itst avatar Dec 11 '20 12:12 itst