New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Content Security Policy #55
Comments
Hi @jmstfv 馃憢 to be honest I didn't tried yet this combination: CSP + invisible_captcha. So not sure what's happening here... Couple of comments:
|
I see. One way of doing it would be adding
Then users could pass
Here is the sample code that demonstrates that: slim-template/slim#810 (comment) Are you open for a PR? |
Ok @jmstfv PRs for CSP support are welcome! About the implementation, it's seems fine to me to allow html_options to be passed to the syle TAG, but we should make it work for both options: injectable_styles = true | false. Maybe we can use the
Thanks. |
@markets 馃憢
I have enabled a Content Security Policy but that breaks invisible captcha since inlined CSS changes every second. I can make it work by setting
style-src
tounsafe-inline
but that's more of a hack.Is there a way to insert a
nonce
to a generated<style>
tag?The text was updated successfully, but these errors were encountered: