You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
My company uses elm-ui extensively. We need to be able to support CSP without unsafe-inline, in order to be security compliant. Elm-ui generates inlined css-styles, which are blocked by the CSP-policy we need to implement.
There is a way to get around this, using nonces. A nonce is a per-request cryptographically secure random value that is set as an attribute in the <style> tag. We'd like to be able to pass the nonce as an argument to layoutWith.
This would turn all the elm-ui style tags from <style> {elm-ui-stuff} </style>, to <style nonce={passed nonce}>{elm-ui-stuff}</style>. This could be added in a function that looks like: nonce : String -> Option.
The nonce can be the same across all style tags.
The text was updated successfully, but these errors were encountered:
My company uses elm-ui extensively. We need to be able to support CSP without
unsafe-inline, in order to be security compliant. Elm-ui generates inlined css-styles, which are blocked by the CSP-policy we need to implement.There is a way to get around this, using nonces. A nonce is a per-request cryptographically secure random value that is set as an attribute in the <style> tag. We'd like to be able to pass the nonce as an argument to layoutWith.
This would turn all the elm-ui style tags from
<style> {elm-ui-stuff} </style>, to<style nonce={passed nonce}>{elm-ui-stuff}</style>. This could be added in a function that looks like:nonce : String -> Option.The nonce can be the same across all style tags.
The text was updated successfully, but these errors were encountered: