Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: added nonce capability for legacy Odyssey #1540

Merged
merged 2 commits into from
Aug 29, 2022
Merged

feat: added nonce capability for legacy Odyssey #1540

merged 2 commits into from
Aug 29, 2022

Conversation

KevinGhadyani-Okta
Copy link
Contributor

Description

Added a connection for legacy Odyssey apps to utilize a nonce.

@odyssey-okta
Copy link
Contributor

odyssey-okta commented Aug 4, 2022
edited
Loading

@KevinGhadyani-Okta did you happen to look at the inline style assignment here? I'm not 100% certain this will be a CSP violation because of how I recall JSX compiling HTML attributes to JS property assignment as sugar but I could be wrong! cc @conorhanrahan-okta not sure if you're looked into this issue specifically for React/JSX yet?

@conorhanrahan-okta
Copy link

conorhanrahan-okta commented Aug 4, 2022
edited
Loading

I haven't looked into it but I imagine there is a React solution that does it in a CSP safe way. If it's not happening already there is probably a plugin or configuration setting that would turn that into CSP safe element.style.display = 'none' type stuff

@odyssey-okta
Copy link
Contributor

@conorhanrahan-okta @KevinGhadyani-Okta here are some more links. It's clear to me that React passes prop values as HTML attributes to custom elements but that isn't in play here. <Tag> in our example will only ever be an instrinsic DOM element like span or div.

https://custom-elements-everywhere.com/ (scroll down to React section)

@conorhanrahan-okta
Copy link

conorhanrahan-okta commented Aug 4, 2022
edited
Loading

Is this the only warning produced by odyssey? Or are there more warnings to be fixed in other tickets?

@KevinGhadyani-Okta
Copy link
Contributor Author

KevinGhadyani-Okta commented Aug 16, 2022
edited
Loading

I noticed an issue from style-loader, but it's not related to Odyssey unless you're consuming the Sass. But that's a Webpack build tools issue not in Odyssey.

@KevinGhadyani-Okta
Copy link
Contributor Author

Tested this in Monolith using existing libraries from Okta-UI-React as well as testing in Okta-UI-React's dev playground. We're good.

@KevinGhadyani-Okta KevinGhadyani-Okta merged commit fa53ccb into develop Aug 29, 2022
@KevinGhadyani-Okta KevinGhadyani-Okta deleted the kg/OKTA-498386 branch August 29, 2022 18:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@conorhanrahan-okta conorhanrahan-okta conorhanrahan-okta approved these changes

@edburyenegren-okta edburyenegren-okta edburyenegren-okta approved these changes

@ganeshsomasundaram-okta ganeshsomasundaram-okta Awaiting requested review from ganeshsomasundaram-okta

@kamronbatmanghelich-okta kamronbatmanghelich-okta Awaiting requested review from kamronbatmanghelich-okta

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@KevinGhadyani-Okta @odyssey-okta @conorhanrahan-okta @edburyenegren-okta