Replies: 2 comments 1 reply
-
|
If you could tell me what the CSP rule to allow this kind of URL would be, that would be great. Of course, just putting |
Beta Was this translation helpful? Give feedback.
-
|
I don't use CSPs often but, if you're hosting Shoelace on your own server, this seems like it would allow it from the same (trusted) origin: If you're using Shoelace from a CDN, you'll need to loosen it up a bit to allow for whatever the appropriate domain is. |
Beta Was this translation helpful? Give feedback.
-
|
The thing I am afraid of is that using If there isn't a CSP rule to allow loading the assets in a targeted manner, then the library's current behavior should be considered a bug. |
Beta Was this translation helpful? Give feedback.
-
Whenever the tab group gets big, it tries loading the
data:image/svg+xml,%0A%20%20%20%20%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20width%3D%2216%22%20height%3D%2216%22%20fill%3D%22currentColor%22%20class%3D%22bi%20bi-chevron-left%22%20viewBox%3D%220%200%2016%2016%22%3E%0A%20%20%20%20%20%20%3Cpath%20fill-rule%3D%22evenodd%22%20d%3D%22M11.354%201.646a.5.5%200%200%201%200%20.708L5.707%208l5.647%205.646a.5.5%200%200%201-.708.708l-6-6a.5.5%200%200%201%200-.708l6-6a.5.5%200%200%201%20.708%200z%22%2F%3E%0A%20%20%20%20%3C%2Fsvg%3E%0A%20%20, which promptly gets blocked by the CSP. I cannot figure out how to allow this. Trying to allow it directly inconnect-srccomplains that the URL has invalid characters.Beta Was this translation helpful? Give feedback.
All reactions