Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(@angular/build): update critical CSS inlining to support autoCsp #29638

Merged
merged 1 commit into from
Feb 14, 2025
Merged

fix(@angular/build): update critical CSS inlining to support autoCsp #29638

merged 1 commit into from
Feb 14, 2025

Conversation

alan-agius4
Copy link
Collaborator

@alan-agius4 alan-agius4 commented Feb 13, 2025
edited
Loading

This update improves the handling of inlined critical CSS to align with autoCsp, ensuring compliance with Content Security Policy (CSP) directives. Previously, inlined styles could trigger CSP violations in certain configurations. With this fix, critical CSS is inlined in a way that maintains security while supporting autoCsp.

Closes #29603

//cc @aaronshim

@alan-agius4 alan-agius4 added action: review The PR is still awaiting reviews from at least one requested reviewer target: patch This PR is targeted for the next patch release labels Feb 13, 2025
@alan-agius4 alan-agius4 requested a review from dgp1130 February 13, 2025 14:41
@alan-agius4 alan-agius4 force-pushed the auto-csp-css-inline branch 3 times, most recently from bffc752 to 4dbb4de Compare February 13, 2025 14:55
@alan-agius4 alan-agius4 changed the title fix(@angular/build): update autoCsp to handle inlined critical CSS fix(@angular/build): update critical CSS inlining to support autoCsp Feb 13, 2025
@alan-agius4 alan-agius4 force-pushed the auto-csp-css-inline branch 2 times, most recently from 84366d7 to c2e79f9 Compare February 13, 2025 15:03
@alan-agius4 alan-agius4 reopened this Feb 13, 2025
@alan-agius4 alan-agius4 force-pushed the auto-csp-css-inline branch 5 times, most recently from 83883d9 to d0e3f12 Compare February 14, 2025 15:11
@alan-agius4
fix(@angular/build): update critical CSS inlining to support autoCsp
4bac5d8 
This update improves the handling of inlined critical CSS to align with `autoCsp`, ensuring compliance with Content Security Policy (CSP) directives. Previously, inlined styles could trigger CSP violations in certain configurations. With this fix, critical CSS is inlined in a way that maintains security while supporting `autoCsp`.

Closes angular#29603
dgp1130
dgp1130 approved these changes Feb 14, 2025
View reviewed changes
Copy link
Collaborator

@dgp1130 dgp1130 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, do we want to wait for @aaronshim to take a look or just merge this as is? Feels more related to critical CSS than AutoCSP really.

@alan-agius4
Copy link
Collaborator Author

@dgp1130 ship it!

Indeed it’s mostly around critical css inlining.

@alan-agius4 alan-agius4 added action: merge The PR is ready for merge by the caretaker and removed action: review The PR is still awaiting reviews from at least one requested reviewer labels Feb 14, 2025
@dgp1130 dgp1130 merged commit e6deb82 into angular:main Feb 14, 2025
31 checks passed
@dgp1130
Copy link
Collaborator

dgp1130 commented Feb 14, 2025

The changes were merged into the following branches: main, 19.1.x

@alan-agius4 alan-agius4 deleted the auto-csp-css-inline branch February 14, 2025 22:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dgp1130 dgp1130 dgp1130 approved these changes

Assignees
No one assigned
Labels
action: merge The PR is ready for merge by the caretaker area: @angular/build target: patch This PR is targeted for the next patch release
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

autoCSP and media="print" onload="this.media='all'"
2 participants
@alan-agius4 @dgp1130