fix: CSP Restriction for TrustedTypePolicy Creation in Loading Indicator #986
Conversation
|
When is it planned to merge? |
|
Please merge it since it's quite an issue while developing |
|
Thanks for the PR! Will merge soon! |
| return true | ||
| } | ||
|
|
||
| const currentCSP = cspMetaTag.getAttribute('content') | ||
| const newPolicy = ` trusted-html-${LOADING_ID}` | ||
|
|
||
| if (!currentCSP.includes(newPolicy)) { | ||
| const updatedCSP = currentCSP + newPolicy | ||
| cspMetaTag.setAttribute('content', updatedCSP) | ||
| } | ||
|
|
||
| return true |
There was a problem hiding this comment.
The true returned here is mainly for the caller's control flow. It's a bit convoluted, but the tech debt seems localized to this module so we can deal with it later.
louisgv
changed the title
|
Do you know when this problem will be solved? I still have the error on my side. Although I have update plasmo for my project with |
|
Has this been pushed to pnpm as well? |
|
Is it fix the issue on dev runtime? |
|
@OFNEILL yes it's pushed to the registry |
Hmm, I think if the user has multiple CSUI, this fix will not work because it will try to inject multiple loaders simultaneously... :-?..... @HT808s |
|
I still have the error on my side @louisgv , even with the latest version of Plasmo. -> it occurs on LinkedIn
The error occurs on the home page, but if you go to a more specific url, like "https://www.linkedin.com/blog/member". There is no more error (i don't know if it helps) |
|
@axelschapmann correct, it working on "https://www.linkedin.com/blog/member" but home and user's profile page still throw this error |
|
i create a hotfix for this issue on this PR #1000
|
Details
This PR aimes to fix the issue #985
Code of Conduct
Contacts
If your PR is accepted, we will award you with the
Contributorrole on Discord server.To join the server, visit: https://www.plasmo.com/s/d