-
Notifications
You must be signed in to change notification settings - Fork 71
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Content Security Policy - Nonce not set #144
Comments
I can reproduce this issue as well. It seems that something as simple as an icon or spinner alongside an ant.d Notification component can trigger this. |
I faced the same issue, and this is the way you can do to workaround with NextJS:
// next.config.js
const withTM = require('next-transpile-modules')(['@ant-design/icons'])
module.exports = withTM(nextConfig)
import IconContext from '@ant-design/icons/es/components/Context'
import { CSPConfig } from 'antd/es/config-provider'
import { ReactNode } from 'react'
interface IProps {
children: ReactNode
csp: CSPConfig
}
export const IconContextProvider = ({ children, csp }: IProps) => {
return <IconContext.Provider value={{ csp }}>{children}</IconContext.Provider>
}
<ConfigProvider
csp={{ nonce: `${process.env.REACT_APP_GENERATED_NONCE_VALUE}` }}
>
<IconContextProvider
csp={{ nonce: `${process.env.REACT_APP_GENERATED_NONCE_VALUE}` }}
>
<Code />
</IconContextProvider>
</ConfigProvider> Some icons sourced from the 'es' package, which was built using CommonJS, do not have their icon context included in the ConfigProvider. To resolve the issue, transpile the package and pass the CSP (Content Security Policy) information to its icon context. |
I have the same problem. <ConfigProvider csp={{ nonce: XX }}> don't work. |
Hi, I'm using the ant.design. In the config I have set up:
dynamicCSS.js:73 : Refused to apply inline style because it violates the following Content Security Policy directive:
"style-src 'self' 'nonce-CODE'".
How can I fix this issue?
The text was updated successfully, but these errors were encountered: