New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request: Make it possible to pass 'nonce' to the @emotion/cache #17468
Comments
We're running into a similar issue - we'd like to add a mock CSP to our storybook bundle so that we can test component compatibility in PRs. Right now, there's not a great way to do that. We can add a CSP via a meta tag in <meta http-equiv="Content-Security-Policy" content="style-src 'self';"> And this will block all inline styles or linked stylesheets that aren't explicitly allowed. For more information on the The problem with this, however, is that the CSP blocks inline styles including I asked for some help on the Storybook Discord:
@JReinhold responded with:
|
In storybook 7.0 beta emotion is completely bundled in, this should make this issue obsolete. If these's still something we need to do on our side, please re-open. |
It'll be a while before we have an opportunity to try this out, but thank you! |
Is there a documented approach to adding nonce to emotion? I'm not understanding how completely bundling in emotion makes this issue obsolete. The idea of adding a CacheProvider in a decorator still doesn't work with Storybook 7. Is this fixed in Storybook 8? What is the fix, and what does a consumer of this package need to do to add a nonce to emotion's styles? |
Also, added an example here: |
Discussed in #17467
Originally posted by Radiance888 February 10, 2022
We're using storybook for preact demos and webpack bundles @emotion/core -> @emotion/cache -> @emotion/sheet which is inserting styles to iframe headers causing multiple CSP errors for styles like below
I tried checking the following docs - https://emotion.sh/docs/cache-provider, https://www.npmjs.com/package/@emotion/sheet/v/10.0.0-really-unsafe-please-do-not-use.1?activeTab=dependents to pass the nonce but we do not create StyleSheet / createCache within any component, but webpack bundles all dependencies from package.json as a part of theme and it applies default options ( nonce - undefined)
I tried adding CacheProvider to storybook decorators globally like below - ( https://storybook.js.org/docs/react/writing-stories/decorators )
I can see cache-block is rendered but the header styles are not updated with the nonce value.
If I miss anything here or if there's another way to pass nonce for emotion-styles please let me know!
Thanks!
The text was updated successfully, but these errors were encountered: