Comments (7)
It isn't possible because it would break backwards compatibility. Some users might rely on that stylesheet being injected.
If you really want to get rid of that message, the only option is to build custom version of Iconify. Clone this repository, open src/browser/init.js, remove this code:
/**
* Add stylesheet
*
* @param timed
* @returns {boolean}
*/
local.addStylesheet = function(timed) {
var el;
if (!document.head || !document.body) {
if (local.domready) {
// head or body is missing, but document is ready? weird
return true;
}
if (!timed) {
local.initTimeout(local.addStylesheet.bind(null, true));
}
return false;
}
// Add Iconify stylesheet
try {
el = document.createElement('style');
el.type = 'text/css';
el.innerHTML = 'span.iconify, i.iconify, iconify-icon { display: inline-block; width: 1em; }';
if (document.head.firstChild !== null) {
document.head.insertBefore(el, document.head.firstChild);
} else {
document.head.appendChild(el);
}
} catch (err) {}
return true;
};
local.initQueue.push(local.addStylesheet.bind(null, false));
then rebuild package. To rebuild it run these commands:
npm install
npm run build
Then you can use iconify.min.js
from directory dist
from iconify.
This is interesting. I'll need to investigate this new Chrome thing.
Currently inline style is used for 2 purposes:
- To add
transform: rotate(360deg)
that seems redundant, but it is actually needed to fix rendering bug in Firefox. - To add
vertical-align: -0.125em
that makes icon behave like icon font.
Rendering bug that required dummy transform is no longer needed. Just few years ago it existed in almost all browsers, but all vendors have fixed it. Firefox was last one to fix it just few months ago.
Vertical alignment is needed. However it can be moved from inline style to setting it in DOM: node.style.verticalAlign = '-0.125em';
. I don't know if that would fix error, will need to investigate it.
from iconify.
To add
transform: rotate(360deg)
that seems redundant, but it is actually needed to fix rendering bug in Firefox.
😆 This reminds me of a famous Jason Kidd quote.
I don't know if that would fix error, will need to investigate it
I believe that would fix the error as DOM manipulation doesn't violate CSP. Just setting inline styles does.
from iconify.
Managed to get that error as well, played a bit with it and found a fix. You are right, DOM manipulation doesn't violate CSP, so workaround works.
I'll apply fix, will do some more tests to make sure it all works and will publish update tomorrow.
For allowed script sources you also need to add https://api.iconify.design/
. Script uses JSONP to retrieve data for icons instead of fetching JSON because it is easier to support Internet Explorer that way, so it needs to be added to script-src
policy.
If you'll be updating to Iconify 2 when it will be available (I think it will be ready sometime in April, though could be delayed a bit because tons of documentation needs to be written), things will get a bit more complicated. You'll need to add 2 more domains to script-src
: https://api.simplesvg.com/
and https://api.unisvg.com/
. Why are there 3 domains instead of one? Sometimes visitors experience routing issues or DNS issues or API could be down for few minutes. Internet is not stable and things can happen. To solve that issue, new version has redundancy built in to connect to backup API if default API can't be reached within a second.
from iconify.
Sounds good! 👍
from iconify.
Published version 1.0.5 with fix.
You will still see one CSP notice in console. Script will attempt to inject the following stylesheet:
span.iconify, i.iconify, iconify-icon { display: inline-block; width: 1em; }
It will fail and display notice in console, but it will not affect any functionality and will not stop execution.
from iconify.
@cyberalien Hi, in version 1.0.5, I still get one style-src
error about unsafe-inline
. Is it possible not to set or inject any style to avoid this error?
EDIT: The error comes from this line in iconify.js
Thanks
from iconify.
Related Issues (20)
- Using static icons with Next.JS 13 HOT 7
- include uxwing.com icons HOT 2
- Sveltekit icon component change icon viewbox HOT 1
- Add option for @iconify/tailwind to disable height / width props HOT 6
- build iconify-icon in local failed HOT 7
- No exports condition for Svelte (Deprecation Warning) HOT 3
- ReferenceError: exports is not defined HOT 3
- search page can set bigger or loading more HOT 1
- Tailwindcss - Svelte - CMS HOT 3
- svelte OfflineIcon broken with 3.1.6 HOT 2
- Typescript complains HOT 9
- api changes HOT 5
- width and height is not matched correctly when setting with a decimal HOT 1
- Icon collection request: Bitcoin Icons HOT 3
- Package `@iconify/icons-material-symbols-light` not published to npm HOT 1
- Iconify on Svelte problem - Cannot find module HOT 1
- ✨ Align syntax for icons HOT 2
- Penpot integration HOT 2
- bug[React]: Icon Component does not render icon on first render when using `loadIcons` to preload HOT 5
- iconExists() not working on deployed site HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from iconify.