Skip to content

Commit

Permalink
Fix primefaces#2423/primefaces#2536: CSP allow setting inline nonce w…
Browse files Browse the repository at this point in the history
…ith PrimeReact.inlineCssNonce
  • Loading branch information
melloware committed Dec 19, 2021
1 parent 124a57a commit ddd8f53
Show file tree
Hide file tree
Showing 3 changed files with 13 additions and 2 deletions.
1 change: 1 addition & 0 deletions components/lib/api/Api.d.ts
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ interface FilterMatchModeOptions {
interface APIOptions {
ripple?: boolean;
inputStyle?: InputStyleType;
inlineCssNonce?: string;
locale?: string;
appendTo?: AppendToType;
cssTransition?: boolean;
Expand Down
2 changes: 2 additions & 0 deletions components/lib/api/PrimeReact.js
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@ export default class PrimeReact {

static autoZIndex = true;

static inlineCssNonce = null;

static zIndex = {
modal: 1100,
overlay: 1000,
Expand Down
12 changes: 10 additions & 2 deletions components/lib/utils/DomHandler.js
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
import PrimeReact from '../api/Api';

export default class DomHandler {

static innerWidth(el) {
Expand Down Expand Up @@ -871,14 +873,20 @@ export default class DomHandler {

/**
* Anytime an inline style is created check environment variable 'process.env.REACT_APP_CSS_NONCE'
* to set a CSP NONCE.
* or global variable PrimeReact.inlineCssNonce to set a CSP NONCE.
*
* @see https://github.com/primefaces/primereact/issues/2423
* @return HtmlStyleElement
*/
static createInlineStyle() {
let styleElement = document.createElement('style');
let nonce = process.env.REACT_APP_CSS_NONCE;
let nonce = '';
if (process) {
nonce = process.env.REACT_APP_CSS_NONCE;
}
if (!nonce) {
nonce = PrimeReact.inlineCssNonce;
}
if (nonce) {
styleElement.setAttribute('nonce', nonce);
}
Expand Down

0 comments on commit ddd8f53

Please sign in to comment.