Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CSS cursor rule is causing Content Security Policy warnings #153

Open
The-Paavo opened this issue Mar 16, 2021 · 1 comment
Open

CSS cursor rule is causing Content Security Policy warnings #153

The-Paavo opened this issue Mar 16, 2021 · 1 comment

Comments

@The-Paavo
Copy link

Just FYI. Commit 5ecc2c2 is a little bit problematic, if Content Security Policies doesn't allow insecure data: schemes. It's usually not allowed, if CSP is defined. When it's not allowed, browsers refuse to use that svg-image (cursor) and they complain about it in "console".

csp

It can be fixed by removing or overriding this css-rule. .tingle-modal { cursor: auto; } is enough to override this.

Could this cursor-thingy perhaps be optional or just use standard cursor keywords? https://developer.mozilla.org/en-US/docs/Web/CSS/cursor

Other than that, 0.16.0 is working smoothly. 👍

@robinparisi
Copy link
Owner

Hi @The-Paavo,

I hadn't thought about CSP, that's too bad since I think it's better for UX (not everyone is used to click outside to close a modal). I think I'm just going to revert this commit because I prefer to avoid compromising on security and an external link wouldn't be as easy to use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants