p-Table: resizableColumns with Content-Security-Policy throws a inline-style error #14846

Closed
KyrumX opened this issue Feb 20, 2024 · 2 comments
Labels: "Resolution: Stale", "Type: Bug"

KyrumX commented Feb 20, 2024

Describe the bug

Running an application with the following CSP value:
default-src 'self'; script-src 'self' 'nonce-randomNonceGoesHere'; style-src 'self' 'nonce-randomNonceGoesHere' https://unpkg.com; connect-src 'self' https://unpkg.com; font-src 'self' https://unpkg.com; img-src 'self' https://primefaces.org;
and setting the nonce at the root in index.html ngCspNonce="randomNonceGoesHere"
gives errors when attempting to resize a column: Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' 'nonce-randomNonceGoesHere' https://unpkg.com". Either the 'unsafe-inline' keyword, a hash ('sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='), or a nonce ('nonce-...') is required to enable inline execution.

Environment

"primeng": "17.7.0",
"@angular-devkit/build-angular": "^17.0.5",
"@angular/animations": "^17.0.5",
"@angular/cdk": "^17.0.2",
"@angular/cli": "^17.0.5",
"@angular/common": "^17.0.5",
"@angular/compiler": "^17.0.5",
"@angular/compiler-cli": "^17.0.5",
"@angular/core": "^17.0.5",
"@angular/forms": "^17.0.5",
"@angular/platform-browser": "^17.0.5",
"@angular/platform-browser-dynamic": "^17.0.5",
"@angular/platform-server": "^17.0.5",
"@angular/router": "^17.0.5",
"chart.js": "3.3.2",
"primeflex": "^3.3.1",
"primeicons": "^6.0.1",
"quill": "1.3.7",
"rxjs": "~7.8.1",
"tslib": "^2.5.0",
"zone.js": "~0.14.0"

Reproducer

https://stackblitz.com/edit/ngap43?file=package.json

Angular version

17.0.5

PrimeNG version

17.7.0

Build / Runtime

Angular CLI App

Language

TypeScript

Node version (for AoT issues node --version)

v18.18.0

Browser(s)

No response

Steps to reproduce the behavior

  1. Create simple table with resizable columns
  2. Ensure CSP headers are returned by server
  3. Ensure CSP token is set via ngCspNonce
  4. Attempt to resize a column

Expected behavior

Resizing to work, but because PrimeNG still uses a lot of inline style it throws errors
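
Why a page-level nonce alone does not cover runtime styles, as an added example that is not part of the original issue or PrimeNG's code: it applies CSP Level 3 inline-style matching to the policy quoted above, for a `<style>` element and for a `style="..."` attribute. The function names and the sample width value are constructed for illustration, and the issue does not show which PrimeNG code path writes the blocked style.

```javascript
// Added example: CSP3 inline-style matching applied to the policy quoted in the issue.
const { createHash } = require("node:crypto");

// Policy string copied from the issue report.
const POLICY =
  "default-src 'self'; script-src 'self' 'nonce-randomNonceGoesHere'; " +
  "style-src 'self' 'nonce-randomNonceGoesHere' https://unpkg.com; " +
  "connect-src 'self' https://unpkg.com; font-src 'self' https://unpkg.com; " +
  "img-src 'self' https://primefaces.org;";

// Parse a serialized policy into Map<directive, sources[]>; a repeated directive is ignored.
function parsePolicy(text) {
  const directives = new Map();
  for (const part of text.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

const sha256b64 = (s) => createHash("sha256").update(s, "utf8").digest("base64");

// kind is "style-element" (<style>...</style>) or "style-attribute" (style="...").
// Only sha256 hash sources are checked, to keep the sketch short.
function inlineStyleAllowed(policy, kind, { nonce = "", content = "" } = {}) {
  const chain = kind === "style-attribute"
    ? ["style-src-attr", "style-src", "default-src"]
    : ["style-src-elem", "style-src", "default-src"];
  const governing = chain.find((d) => policy.has(d));
  if (!governing) return true; // nothing restricts inline styles
  const list = policy.get(governing);
  const hasKeyword = (kw) => list.some((s) => s.toLowerCase() === kw);
  const hasNonceOrHash = list.some((s) => /^'(nonce|sha(256|384|512))-/i.test(s));
  // 'unsafe-inline' is ignored once the list carries any nonce or hash source.
  if (hasKeyword("'unsafe-inline'") && !hasNonceOrHash) return true;
  // A nonce can only be carried by an element, never by a style attribute.
  if (kind === "style-element" && nonce && list.includes(`'nonce-${nonce}'`)) return true;
  // Hashes match elements; attributes additionally need 'unsafe-hashes'.
  if (kind === "style-element" || hasKeyword("'unsafe-hashes'")) {
    return list.includes(`'sha256-${sha256b64(content)}'`);
  }
  return false;
}

const policy = parsePolicy(POLICY);
console.log(inlineStyleAllowed(policy, "style-element", { nonce: "randomNonceGoesHere" })); // true
console.log(inlineStyleAllowed(policy, "style-attribute", { content: "width: 120px" })); // false
```

The hash quoted in the browser's error message equals `sha256b64("")`, the SHA-256 of the empty string, so adding it to `style-src` would only match an empty `<style>` element and not a style attribute.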

KyrumX added the "Status: Needs Triage" label Feb 20, 2024
mehmetcetin01140 added the "Type: Bug" label and removed the "Status: Needs Triage" label Feb 26, 2024

This issue has been automatically marked as stale. If this issue is still affecting you with the latest version, please leave any comment, and we will keep it open. We are sorry that we have not been able to prioritize it yet. If you have any new additional information, please include it with your comment!

github-actions bot added the "Resolution: Stale" label Jun 26, 2024

github-actions bot commented Jul 4, 2024

Closing this issue after a prolonged period of inactivity. If this issue is still present in the latest release, please create a new issue with up-to-date information. Thank you for your understanding!

github-actions bot closed this as not planned Jul 4, 2024