From c40b2ba1ed21eb2b7cdc8b6d80b89843b5e983bd Mon Sep 17 00:00:00 2001
From: Julien Ernewein <ernewein.julien@gmail.com>
Date: Sat, 1 Jun 2024 13:34:31 +0200
Subject: [PATCH] Fix CSP Restriction for TrustedTypePolicy Creation in Loading
 Indicator

---
 .../src/utils/loading-indicator.ts            | 21 ++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/core/parcel-runtime/src/utils/loading-indicator.ts b/core/parcel-runtime/src/utils/loading-indicator.ts
index 9a4e1736d..645c593c4 100644
--- a/core/parcel-runtime/src/utils/loading-indicator.ts
+++ b/core/parcel-runtime/src/utils/loading-indicator.ts
@@ -10,8 +10,27 @@
 
 const LOADING_ID = "__plasmo-loading__"
 
+// Function to update the CSP to allow the new trusted type policy
+function updateCSP() {
+  const cspMetaTag = document.querySelector('meta[http-equiv="Content-Security-Policy"]')
+  
+  if (!cspMetaTag) {
+    return true
+  }
+  
+  const currentCSP = cspMetaTag.getAttribute('content')
+  const newPolicy = ` trusted-html-${LOADING_ID}`
+
+  if (!currentCSP.includes(newPolicy)) {
+    const updatedCSP = currentCSP + newPolicy
+    cspMetaTag.setAttribute('content', updatedCSP)
+  }
+
+  return true
+}
+
 const trustedPolicy = typeof trustedTypes !== "undefined"
-  ? trustedTypes
+  ? updateCSP() && trustedTypes
     .createPolicy(`trusted-html-${LOADING_ID}`, { createHTML: str => str })
   : undefined