Content Security Policy restrictions workaround #1263
patrickkettner
reviewed
Mar 12, 2014
node.style.cssText = str; | ||
} | ||
catch(e) {// Content Security Policy restrictions workaround | ||
node.setAttribute('style', str); |
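Review bot: the `catch(e)` after `node.style.cssText = str;` never inspects `e`, so any exception from that assignment, not only a policy refusal, silently switches to `node.setAttribute('style', str)`. Either narrow the handler or expand the inline comment to name the browser and policy that throw here, and confirm that the fallback is itself permitted under that policy, since it writes the same string into an inline style attribute. Nothing visible in the hunk handles the case where the fallback fails as well.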
patrickkettner
Mar 12, 2014
Member
Is there a reason we wouldn't just set the `.style` attr all the time?
termi
Mar 12, 2014
Author
setting the 'style' attribute, regardless of whether or not CSP is on, can break some feature detections in some random browser.
patrickkettner
Mar 12, 2014
Member
I totally get that it may break, however we are doing it here already. Plus you are catching anonymous errors all over the place, which would result in the tests being inaccurate. I think the best thing to do would be to change it all to `style`, and run the whole thing through the browserstack suite of supported browsers to see if it breaks anywhere.
Doesn't this just fix |
ceram1
commented
Apr 5, 2014
Maybe this issue can be fixed by changing some functions. Like.. // Check for css support
} |
RehanSaeed
referenced this pull request
Oct 27, 2014
Closed
Modernizr Causes Content Security Policy (CSP) Violation Errors #1450
RehanSaeed
commented
Oct 28, 2014
Cross Post From StackOverflow. I am attempting to use the new Content Security Policy (CSP) HTTP headers on a test site. When I use CSP in conjunction with Modernizr I get CSP violation errors. This is the CSP policy I am using:
These are the errors from the Chrome browser console:
This workaround was first put forward in March; is there no more progress in getting this issue resolved? There is a comment in the StackOverflow question in which someone suggests taking a look at AngularJS as they have full support for CSP. I know that I can include the unsafe-inline directive which can get around this error but this also enables unsafe code to run and negates the use of CSP in the first place. Does anyone have any solutions?
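The trade-off raised in the comment above, as an added example that is not part of the original thread or of Modernizr: a check of whether a policy gives blanket permission for inline `style` attributes, following the CSP Level 3 directive fallback and the rule that a listed nonce or hash makes `'unsafe-inline'` ignored. The function names and the sample policies in the comments are assumptions constructed for illustration.

```javascript
// Added example, not Modernizr code. Evaluates one CSP header value.
// Not modelled: several policies sent together, and 'unsafe-hashes',
// which can still permit individual style attributes by hash.

function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A directive name that appears a second time is ignored by CSP.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

const NONCE_OR_HASH = /^'(nonce-|sha(256|384|512)-)[A-Za-z0-9+\/_-]+={0,2}'$/i;

function checkInlineStyle(header) {
  const directives = parsePolicy(header);
  // style-src-attr falls back to style-src, then to default-src.
  const governing = ['style-src-attr', 'style-src', 'default-src']
    .find((name) => directives.has(name)) || null;
  if (governing === null) {
    return { allowsAllInline: true, governing, reason: 'no directive restricts styles' };
  }
  const sources = directives.get(governing);
  const unsafeInline = sources.some((s) => s.toLowerCase() === "'unsafe-inline'");
  const nonceOrHash = sources.some((s) => NONCE_OR_HASH.test(s));
  if (unsafeInline && !nonceOrHash) {
    return { allowsAllInline: true, governing, reason: "'unsafe-inline' is in effect" };
  }
  if (unsafeInline) {
    return { allowsAllInline: false, governing,
             reason: "'unsafe-inline' is ignored because a nonce or hash is listed" };
  }
  return { allowsAllInline: false, governing, reason: 'inline styles are blocked' };
}

// Constructed sample policies:
//   checkInlineStyle("default-src 'self'")
//   checkInlineStyle("default-src 'self'; style-src 'self' 'unsafe-inline'")
```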
RehanSaeed
referenced this pull request
Mar 5, 2015
Closed
Add support for inline scripts and styles using the nonce #54
sandstrom
referenced this pull request
Apr 15, 2015
Merged
Set style directly instead of using `cssText` #292
added a commit
to mattbostock/leavediary
that referenced
this pull request
May 11, 2015
quinncomendant
commented
Jul 14, 2015
What is the status of this fix? I too am trying to find a solution to using Modernizr with CSP.
RehanSaeed
commented
Jul 14, 2015
+1
quinncomendant
commented
Jul 15, 2015
FYI This is being discussed in issue #1262
termi commented Mar 12, 2014
fixes #1262