Describe the problem
The dangerousDisableAssetCspModification is great for us because we've found that injecting nonces for style sheets didn't play well with the UI library we were using (lit). But it would be even better if there was an option to disable nonces for style and script tags individually! In our case, we'd like to disable the feature for style tags (since it breaks our app) but keep it for script tags (which are the more dangerous attack surface anyway).
Describe the solution you'd like
In addition to boolean values, also allow "script" | "style". For example, the following would disable nonces for style sheets only:
{
...
"security": {
"csp": "...",
"dangerousDisableAssetCspModification": "style"
}
}Alternatives considered
No response
Additional context
No response
Describe the problem
The dangerousDisableAssetCspModification is great for us because we've found that injecting nonces for style sheets didn't play well with the UI library we were using (lit). But it would be even better if there was an option to disable nonces for
styleandscripttags individually! In our case, we'd like to disable the feature for style tags (since it breaks our app) but keep it for script tags (which are the more dangerous attack surface anyway).Describe the solution you'd like
In addition to boolean values, also allow
"script" | "style". For example, the following would disable nonces for style sheets only:{ ... "security": { "csp": "...", "dangerousDisableAssetCspModification": "style" } }Alternatives considered
No response
Additional context
No response