-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issue with styles when running application in development mode #49
Comments
Closing this; discovered that applying |
thank you very much for reporting this. That is actually a bug of this lib, strict CSP is incompatible wit Next dev server, so I fixed this in #47, nonce won't get applied in upcoming Your workaround resolves the problem but it also leads to a misuse of report-only mode. The report only mode is intended for a gradual rollout of enforce mode into production. When running a dev server you actually want enforce mode for things like images and stylesheets so you can instantly spot missing sources in your CSP base config visually. What I always do in projects is the following: I set the env var |
@all-contributors add @benhodgson87 for bug |
I've put up a pull request to add @benhodgson87! 🎉 |
Hi,
Love this project, amazed this still isn't a part of the core Next functionality.
Unfortunately we're running into an issue with loading styles in development (default Next CSS modules setup). It seems that because the nonce is provided to the CSP in development, it overrides the
'unsafe-inline'
that is needed to allow style-loader to inject the styles in development without the nonce.As a result our styles don't load in development, but do load in production, where the nonce is correctly applied.
Is it possible to disable including the nonce in the CSP when in development mode as a workaround for this?
Basic repro of setup: https://gist.github.com/benhodgson87/8507b754aa5015181341d5565493cce2
The text was updated successfully, but these errors were encountered: