Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Utterances Requires inline-script CSP Access #898

Open
micchickenburger opened this issue Mar 13, 2024 · 1 comment
Open

Utterances Requires inline-script CSP Access #898

micchickenburger opened this issue Mar 13, 2024 · 1 comment

Comments

@micchickenburger
Copy link

Describe the problem:

Commit 9ea82c5 change Utterances script load logic to support changing between light and dark modes. However, this uses an inline script. This inline script will not execute unless the site's Content Security Policy allows inline-script, which is generally not considered a good idea.

Steps to reproduce:

  1. Configure utterances
  2. Implement a content security policy without inline-script access

One possible workaround might be to load this as an external script, using whatever Hugo uses for generating the integrity values on script elements.
@micchickenburger
Copy link
Author

Actually, we might be able to revert back to the original code altogether. That's what I did in my site, and take a look: Changing the theme from light to dark works just fine for utterances. https://www.micah.soy/posts/introduction-to-cryptography-blade-runner-style/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@micchickenburger