Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for cspNonce #2755

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Add support for cspNonce #2755

wants to merge 5 commits into from
+144 −2

Conversation

zamoore
Copy link
Contributor

@zamoore zamoore commented Mar 7, 2025
edited by jira bot
Loading

📌 Summary

If merged, this PR will make a change to the code editor to allow a cspNonce property to either be automatically pulled from the consuming app's content security policy, or passed directly to the component.

🛠️ Detailed description

Some consuming applications have strict content security policies against dynamic style tag insertion. A way around this is to add a nonce to both the content security policy and any injected style tags. CodeMirror 6 supports this functionality through a cspNonce attribute.

This PR:

  • Exposes the cspNonce setting to the code editor api
  • Will automatically try to pull the nonce from the security policy

🔗 External links

Jira ticket: HDS-4642

👀 Component checklist

💬 Please consider using conventional comments when reviewing this PR.

@vercel Vercel
Copy link

vercel bot commented Mar 7, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated (UTC)
hds-showcase ✅ Ready (Inspect) Visit Preview Mar 8, 2025 2:29am
hds-website ✅ Ready (Inspect) Visit Preview Mar 8, 2025 2:29am

@zamoore zamoore force-pushed the zamoore/HDS-4642/code-editor/cspNonce branch from 9d3b612 to 4180c7a Compare March 7, 2025 23:00
@zamoore zamoore marked this pull request as ready for review March 8, 2025 01:02
@zamoore zamoore requested a review from a team as a code owner March 8, 2025 01:02
@zamoore zamoore requested a review from a team as a code owner March 8, 2025 02:26
@hashibot-hds hashibot-hds added the docs-website Content updates to the documentation website label Mar 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
docs-website Content updates to the documentation website packages/components showcase
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@zamoore @hashibot-hds