CSP prevents CSS Modules styling from being applied when unsafe-inline is not allowed in the style-src directive

I've developed a React application using Create React App and implemented CSS modules for styling the components.

Each CSS file is prefixed with .module.css. For example: ComponentName.module.css

To use the CSS file within a component, I import it like this:

import styles from "./css/ComponentName.module.css";

Then, I apply the styling using the className attribute:

const welcomeText = (
    <div className={styles["welcome-text"]}>
        <h1 className={styles.title}>Welcome</h1>
    </div>
);

However, when implementing Content Security Policy (CSP) and setting the style-src directive to 'self', all the styling is blocked. To make it work, I also need to include 'unsafe inline'.

Is there a way to declare the .module.css files and their usage with className as valid sources for the style-src directive? If not, what are other methods of styling React components that are compatible with style-src 'self' without requiring 'unsafe-inline'? Would styled components be a feasible solution?

Alternatively, would it be secure to use 'unsafe-inline' for styling components with CSS Modules?

Your insights are appreciated!

I have searched Google for solutions on how to reconcile the use of CSS modules with CSP constraints, but haven't found any definitive answers.

EDIT: The CSP configuration I intend to use is as follows:

<meta http-equiv="Content-Security-Policy"
      content="default-src 'self' http://localhost:8090
img-src data: https: http:;
script-src 'self';
font-src 'self' https://fonts.gstatic.com;
style-src 'self' https://fonts.googleapis.com;"/>

However, upon loading the page, all CSS disappears and the following errors are logged multiple times:

 Content Security Policy: The page’s settings blocked the loading of a resource at inline (“style-src”). styleTagTransform.js:12
 Content Security Policy: The page’s settings blocked the loading of a resource at inline (“style-src”). insertBySelector.js:36

To eliminate the errors and ensure the applied CSS functions, 'unsafe-inline' must be included:

 style-src 'self' https://fonts.googleapis.com 'unsafe-inline';"
cssreactjscontent-security-policycss-modules

Answer №1

Although inline styles are not present in your HTML, there are JavaScript files injecting styles inline. It would be better to have the JavaScript code update CSS selectors and relocate the CSS code to a separate file.

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

What are the methods for setting the width and height of an Angular mat dialog box?

I'm currently working with a Mat dialog box in Angular and I'm trying to include styles for width and height within that object. However, I'm encountering errors and can't seem to resolve them. Is there another method for setting width ...

cssangularmodal-dialogmat-dialog

What is the best way to align this horizontal list in the middle of a fixed div?

I have a UL element that contains 4 icons within a div using absolute positioning to align it to the bottom of the screen. This div is located within a fixed sidebar. To create a horizontal list, I applied display: inline to the list items. You can see t ...

htmlcsstwitter-bootstrap

Tips on positioning a dropdown item to the far right of the page

I need help moving the language switcher and its items to the right side of the page. I tried using ml-auto but it didn't work for me. Whenever I try to adjust the position with padding-left, all the items end up in the center of the page. Any suggest ...

htmlcssbootstrap-4

Tips for successfully passing import as props arguments in React JS

I am using react-lotties and would like to add different animations to multiple divs by just changing the URL of the lotties As a beginner in React, please be kind :) This is my code snippet : My Lotties Component : import React, { Component } f ...

javascriptreactjslottie

What is the best method for extracting data from an object?

I need to transfer data from a JSON file to my reducer. After mapping the file, I obtained an object containing the necessary data. export const datas = data.properties.map(data => (<store key={Math.floor(Math.random()*1234)} author={data.value} comm ...

jsonreactjsreact-redux

React components are failing to appear on a Laravel-mix react project that has been deployed on a shared hosting server

After successfully deploying a Laravel Mix React project on Hostinger shared hosting server, I encountered an issue where the react components inside the Laravel blade files were not displaying. Upon checking the network, it became evident that the server ...

reactjslaravel

Errors with pointer events occurring within nested iframes on Chromium 78

At first glance, it seems like a bug specific to Chromium. I have already reported this issue in a bug report. Since progress is slow on that front, I am posting a question here primarily to see if anyone else has encountered similar or related issues and ...

javascripthtmlcssiframechromium

A visual element positioned centrally within a row, directly beneath a paragraph tag

Every solution I attempt fails to work correctly, at times I achieve centering the image but then the figcaption ends up crammed into a small corner. <!DOCTYPE html> <html lang="en> <head> <meta charset="UTF-8> <link r ...

cssbootstrap-5

What is the solution to resolving CORS error when using Stripe with Next.js?

I encountered a CORS error message stating that `Access to XMLHttpRequest at 'https://checkout.stripe.com/c/pay/cs_test_a13NBIQCPQonxjMN9GGvkS9u71VZGdxxJTZblp8mh8owCu72JIhm3vW3X6#fidkdWxOYHwnPyd1blpxYHZxWjA0T09VamtMZmZhaWx3NGZ3fHMxcXxsc0RxY05GY0QwT2J ...

reactjsapinext.jscorsstripe-payments

What are the best practices for handling local storage data in a Next.js project when transitioning between user profiles?

I am currently working on a React/Nextjs application where I have implemented a custom useLocalStorage hook to manage local storage for user profiles, simulating a chatgpt app. However, I have encountered an issue where the data in local storage for a new ...

reactjsnext.jsreact-hookslocal-storage

Develop a custom autocomplete feature using Formik in React for selecting values from an array of objects

Looking to Add Autocomplete Functionality in Your React Application Using Formik for Seamless Selection of Single and Multiple Values from an Array of Objects? Take a Look at this Code snippet! [see image below] (https://i.stack.imgur.com/ekkAi.png) arra ...

javascriptreactjsmaterial-uiautocompleteformik

Continue scrolling once you reach the fixed-positioned div

live demo html <div class="one"></div> <div class="two"></div> <div class="three"></div> <div class="four"></div> css .container{ margin: 0; padding: 0; ...

jqueryhtmlcss

What is the best way to implement my Vanilla JS Array manipulation technique in a ReactJS environment?

https://i.sstatic.net/ZRGsS.jpgMy REST API development is in its final stages, and I'm currently facing a challenge with converting an array received from the backend into either a Nested Object of Objects or an array of objects. This conversion would ...

javascriptarraysreactjs

Highlight the phrase "figure x" within the paragraph to emphasize its importance

I want to emphasize figure 1, figure2, ...all the way up to figure 111. I am limited to making changes in HTML and CSS only, without using JavaScript or jQuery. Is there a different method than just inserting <strong> in the HTML? In CSS, we have : ...

htmlcssfigurecss-counter

React: Retrieving information post `componentDidMount`

Seeking advice on React data fetching best practices. Common tutorials recommend fetching data in the componentDidMount lifecycle method. This results in a lifecycle that looks like this: render componentDidMount fetch ... setState render Now, I ha ...

reactjs

Hovering over an element and eliminating any extra space

Hey there, I'm looking for some assistance with removing the whitespace on hover. Below is the code along with a screenshot for reference: div.show_sizes_onhover { background: rgba(255,255,255,.9); bottom: -1px; color: #a1a1a1; left: 0; padding: 5px ...

htmlcsswebshop

Ways to overlook concealed elements within a Bootstrap Button Group

Within my button group, there are 10 buttons. On certain screen widths, using media queries for responsiveness, I hide some buttons. The issue arises when the last button is hidden - the rounded edges of the succeeding visible button are not maintained. ...

csstwitter-bootstrap

Dynamically altering the CSS4 variables in real time

I am facing the challenge of managing multiple CSS4 variables, including primary, for various companies. How can I dynamically change the primary CSS4 variable color based on the company? Note: My specific requirement is to update the primary variable glo ...

cssangulartypescriptangular7ionic4

Make the background disappear when the text field is left empty and the cursor is not present (onUnfocus)

When the text field is empty and there is no cursor in the text field, I want it to be transparent and for the spell checker not working. The result should be displayed a little to the left inside a <div>. Should this be done using CSS, JavaScript, ...

javascriptphpjqueryhtmlcss

Varying levels of scaling on iPhone and iPad

I am currently working on a website project for my friend's brother and everything is running smoothly (for the most part). The layout of the site is designed with a centered container, leaving approximately 15-20% space from the left side. However, ...

phpiphonecssipad