Evan Sosenko

Results 52 comments of Evan Sosenko

> @razor-x how does the document itself modify the style in the first place? (the original modification that generated the mutation) Could you have a look at the calling code...

I loaded it up in dev mode and grabbed the non-minified React code that it breaks on. ![image](https://user-images.githubusercontent.com/721372/155615164-333ecdca-4761-497c-a98b-1466d07d61af.png)

As a sanity check I deployed the restrictive CSP back to my testing environment and confirmed the (non-rrweb) updates do not trigger violations in Chrome or Firefox. I also ran...

I modified the script and tried again

```
var throwaway = document.createElement('iframe');
throwaway.setAttribute('sandbox', 'allow-same-origin allow-scripts'); // if it works, I'd also want to know if it works without this!
document.body.appendChild(throwaway);
...
```

I did some digging and I suspect the key may be that style updates using the [CSSOM](https://developer.mozilla.org/en-US/docs/Web/API/CSS_Object_Model) by an already-allowed CSP script are allowed without `unsafe-inline`. Here's what I found...

> right, `contentDocument` isn't available until the iframe is appended to the page; I thought I got the opposite result while testing but must have accidentally added my variable to...

Nice, I hope it's this simple. What's the best way for us to test this? I was never able to get the project dev env running on my local. I...

> Would you be able to have another go at setting up a dev environment and let the core team know if there were any instructions that weren't clear or...

Here is some more feedback after going a little further. I tried to run `yarn test` in just the `packages/rrweb` directory but I got a bunch of errors. I thought...

> This looks a bit like you haven't run `yarn install` in the root directory. Could you run `yarn install`, and then maybe `yarn build:all` just in case. If you...