Fix CSP Restriction for TrustedTypePolicy Creation in Loading Indicat…

…or (#986)
PlasmoHQ · Jun 8, 2024 · 1eb588f · 1eb588f
1 parent 5b983c2
commit 1eb588f
Showing 1 changed file with 20 additions and 1 deletion.
diff --git a/core/parcel-runtime/src/utils/loading-indicator.ts b/core/parcel-runtime/src/utils/loading-indicator.ts
@@ -10,8 +10,27 @@
 
 const LOADING_ID = "__plasmo-loading__"
 
+// Function to update the CSP to allow the new trusted type policy
+function updateCSP() {
+  const cspMetaTag = document.querySelector('meta[http-equiv="Content-Security-Policy"]')
+
+  if (!cspMetaTag) {
+    return true
+  }
+
+  const currentCSP = cspMetaTag.getAttribute('content')
+  const newPolicy = ` trusted-html-${LOADING_ID}`
+
+  if (!currentCSP.includes(newPolicy)) {
+    const updatedCSP = currentCSP + newPolicy
+    cspMetaTag.setAttribute('content', updatedCSP)
+  }
+
+  return true
+}
+
 const trustedPolicy = typeof trustedTypes !== "undefined"
-  ? trustedTypes
+  ? updateCSP() && trustedTypes
     .createPolicy(`trusted-html-${LOADING_ID}`, { createHTML: str => str })
   : undefined