Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSP support for CSS Helper #3694

Closed
meck93 opened this issue Nov 20, 2024 · 0 comments · Fixed by #3685
Closed

CSP support for CSS Helper #3694

meck93 opened this issue Nov 20, 2024 · 0 comments · Fixed by #3685
Labels
enhancement New feature or request.

Comments

@meck93
Copy link
Contributor

meck93 commented Nov 20, 2024
edited
Loading

What is the feature you are proposing?

First of all, thanks a lot for you're awesome work on Hono. I really enjoy using it.

I've been using the CSS helper. It works well 🚀 But in combination with nonce-based CSP i.e. if inline script and style tags are only allowed, if a random nonce is set on each render (e.g., <style id="hono-css" nonce="1234"> or <script nonce="1234">, it doesn't work yet. Currently, there is no way to pass the nonce to the style and script tag.

For example, I'd like to be able to add the nonce to the <Style nonce="{c.get("secureHeadersNonce")}" /> to ensure the inline CSS is not ignored by the browser.

For example, a test could look as follows:

it('Should render CSS styles with CSP nonce', async () => {
  const headerClass = css`
    background-color: blue;
  `
  const template = (
    <>
      <Style nonce='1234' />
      <h1 class={headerClass}>Hello!</h1>
    </>
  )
  expect(await toString(template)).toBe(
    '<style id="hono-css" nonce="1234">.css-2458908649{background-color:blue}</style><h1 class="css-2458908649">Hello!</h1>'
  )
})

I'd like to help and contribute this feature and have started a possible implementation here: #3685 -> happy for feedback! thanks!

Related to
@meck93 meck93 added the enhancement New feature or request. label Nov 20, 2024
@meck93 meck93 mentioned this issue Nov 20, 2024
Merged
5 tasks
meck93 added a commit to meck93/hono-website that referenced this issue Nov 24, 2024
@meck93
chore: fix vitepress warning that /public/ is not need for public ass…
a62ce7f 
…ets honojs/hono#3694
meck93 added a commit to meck93/hono-website that referenced this issue Nov 24, 2024
@meck93
docs: add example of css helpers in combination with nonce Content-Se…
2c8bca0 
…curity-Policy honojs/hono#3694
@meck93 meck93 mentioned this issue Nov 24, 2024
Merged
yusukebe pushed a commit to honojs/website that referenced this issue Nov 25, 2024
@meck93
css helpers: example 'how to use css helpers in combination with 'Sec…
a720b16 
…ure Headers' middleware (Content-Security-Policy & nonce attribute) (#536)

* chore: fix vitepress warning that /public/ is not need for public assets honojs/hono#3694

* docs: add example of css helpers in combination with nonce Content-Security-Policy honojs/hono#3694
@meck93 meck93 mentioned this issue Jan 2, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(css): add CSP nonce to hono/css related style and script tags meck93/hono
1 participant
@meck93