podlove-ui
podlove-ui copied to clipboard
CSP, Content Security Policy
I am struggling to make the webplayer work on a site using CSP.
The issue seems to be that Podlove, once loaded from the whitelisted cdn.podlove.org location, and using a nonce'd episode config, sets out to create additional script
, style
, and iframe
tags. The ifames
contain additional script
and style
tags.
Console looks like this: https://imgur.com/T3m8khq
Before I get into an argument to 'unsafe-inline'
everything, is CSP support anywhere on your roadmap?