[fix] Inline SVGs and Content Security Policy support

Open quantumew opened this issue 2 years ago • 1 comments

ReactUSWDS Version & USWDS Version:

ReactUSWDS: 2.9.0
USWDS: 2.11.2

Describe the bug

After implementing Content-Security-Policy-Report-Only with an img-src: 'self' <our whitelisted domains>; directive, we are seeing reports of inline images coming from react-uswds.

To Reproduce

Steps to reproduce the behavior:

  1. Implement a CSP policy containing at least img-src: 'self'
  2. Add code using GovBanner
  3. Load page and see reports of unsafe inline images

Expected behavior

A way to avoid bundling these SVGs and thus implement a strict CSP.

Screenshots

Additional context

Device and Browser Information (please complete the following information if describing a UI bug):

  • Firefox 103

quantumew, Aug 10 '22 19:08
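The behavior reported above can be reproduced offline with a simplified `img-src` matcher. This is an added example, not code from the issue or from react-uswds. It assumes the bundled SVGs reach the browser as `data:` URLs, which the issue does not state explicitly, and the origin, CDN host, image path and base64 payload are constructed.

```javascript
// Added example: simplified matching of an image URL against img-src.
// Covers 'self', 'none', scheme sources ("data:") and plain or "*." host
// sources only; ports, paths and default-src fallback are not modelled.

function parseImgSrc(policy) {
  for (const directive of policy.split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "img-src") return sources;
  }
  return null; // no img-src directive present
}

function imgAllowed(policy, pageOrigin, imgUrl) {
  const sources = parseImgSrc(policy);
  if (sources === null) return true;
  const page = new URL(pageOrigin);
  const url = new URL(imgUrl, page); // relative URLs resolve against the page
  return sources.some((src) => {
    const s = src.toLowerCase();
    if (s === "'none'") return false;
    // 'self' compares origins; a data: URL has an opaque origin ("null").
    if (s === "'self'") return url.origin !== "null" && url.origin === page.origin;
    // Scheme source such as "data:" or "https:".
    if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s;
    // Host source, optionally with a scheme and a leading "*." wildcard.
    const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/);
    if (!m || !/^https?:$/.test(url.protocol)) return false;
    const [, scheme, wildcard, host] = m;
    if (scheme && url.protocol !== scheme + ":") return false;
    return wildcard ? url.hostname.endsWith("." + host) : url.hostname === host;
  });
}

// Constructed sample values (not taken from the issue).
const PAGE = "https://app.example";
const POLICY = "default-src 'self'; img-src 'self' https://cdn.example";
const INLINE_SVG = "data:image/svg+xml;base64,PHN2Zy8+";

function demo() {
  return {
    sameOriginFile: imgAllowed(POLICY, PAGE, "/img/flag.svg"),
    allowlistedCdn: imgAllowed(POLICY, PAGE, "https://cdn.example/flag.svg"),
    inlineSvg: imgAllowed(POLICY, PAGE, INLINE_SVG),
    inlineSvgWithDataScheme: imgAllowed(POLICY + " data:", PAGE, INLINE_SVG),
  };
}

console.log(demo());
```

Only the `data:` URL fails against `'self'` plus an allowlisted host. Serving the same SVG as a file from the page's own origin passes without loosening the policy, whereas adding the `data:` scheme source permits any inline image.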