Bug reporting dialog requires "unsafe-inline" for "style-src-elem" CSP

[jens-duttke]

Summary

Since there are many browser extensions (and also some ISPs) which inject scripts and styles into my web application, which results into errors, I use a restrictive CSP setup, which bans inline code, evals, etc.

Unfortunately, to be able to use the Sentry dialog for bug reporting, I need to set "unsafe-inline" for "style-src-elem", because it uses inline styles, which openes a door for errors.

Motivation

My motivation is, to prevent injected code into my webapp as much as possible. To prevent errors, which are triggered by browser extensions and ISPs.

Additional Context

I'm using JavaScript and the following call, to open the report dialog:

Sentry.showReportDialog({ eventId: event.event_id });

[github-actions]

This issue has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you label it Status: Accepted, I will leave it alone ... forever!

---

"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀

[jens-duttke]

Are there any news regarding this issue?

[mfb]

FYI I created a related issue #34415