I'm using SVGR in a React component library, build with vitejs. In vite.config.ts file I configured the option to add a custom prop to the root SVG tag, since we configured CSP on our server_ `svgr({ svgrOptions: { svgProps: { nonce: 'rAnd0m', }, }, })` It seems ti works well, if I inspect source coude I see this custom prop `<svg xmlns="http://www.w3.org/2000/svg" nonce display="none" style="">...</svg>` anyway I always got a CSP error: > Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' 'nonce-rAnd0m'". Either the 'unsafe-inline' keyword, a hash ('sha256-DVjvk4wpw6Ow5UHdvNCjEmb4VaB2cVamAioibw9ytiM='), or a nonce ('nonce-...') is required to enable inline execution. Of course the nonce value is only a test and the server is configured to use this value: here it is the CSP response header: > Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-rAnd0m'; style-src 'self' 'nonce-rAnd0m'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; frame-src 'self'; connect-src *; img-src 'self' * data: blob:; font-src 'self' fonts.gstatic.com Is it related to SVGR or do I need to investigate elsewhere? Thank you.
AI Analysis
This issue appears to be discussing a feature request or bug report related to the repository. Based on the content, it seems to be still under discussion. The issue was opened by deggesim and has received 0 comments.
Add a comment
Comment form would go here