rmariuzzo
do never convert <link> to <style>
I don't expect this to get merged in its current form as it is a breaking change. However, we need a solution (maybe a config?).
Right now a <link> element that is on the same-origin or that is configured with crossorigin is always converted to <style> (because .cssRules can be accessed, which is otherwise prevented by the SOP). This breaks our Content-Security-Policy because it forbids inline styles. This PR fixes this by always injecting a <link> if the source is also a <link>.
However, this breaks current uses that rely on the current behavior to rewrite import and font-face rules in <link> by making the paths absolute.
Thoughts?
Now that I think about it, is it actually breaking anything? The import/font-face rewrites are needed because inline-styles have about:blank as origin. But <link> stylesheets don't and also accessing href returns a fully qualified URL, so things like /style.css should still work.
Hey there! I'm catching up with all pending PRs. I think this can be merged?
Hey there! I'm catching up with all pending PRs. I think this can be merged?
Nice! Go ahead and merge if you want. I haven't used React in a while but I think this PR works and you can always release it with a new major version to be safe.
Ty
On Mon, Oct 5, 2020, 11:27 Alexander Prinzhorn [email protected] wrote:
Hey there! I'm catching up with all pending PRs. I think this can be merged?
Nice! Go ahead and merge if you want. I haven't used React in a while but I think this PR works and you can always release it with a new major version to be safe.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/rmariuzzo/react-new-window/pull/14#issuecomment-703706351, or unsubscribe https://github.com/notifications/unsubscribe-auth/AADLMH6OQI5OBGYCU7JVTA3SJHQVPANCNFSM4FF2ZYZQ .