Document CSP nonce option and update unsafe-inline guidance#1800
brettdorrans wants to merge 9 commits into main from
Add nonce option to SDK option references (Link, Connections, Bank Feeds), update all 13 CSP guidance blocks to recommend nonce-based style-src over unsafe-inline, and add a new CSP nonce section with usage example, migration guide, backwards compatibility note, and mount-time behavior.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remaining comments which cannot be posted as a review comment to avoid GitHub Rate Limit
vale
docs/auth-flow/optimize/connection-management.md|504 col 65| [Google.Contractions] Use 'aren't' instead of 'are not'.
docs/auth-flow/optimize/connection-management.md|570 col 65| [Google.Contractions] Use 'aren't' instead of 'are not'.
docs/auth-flow/optimize/connection-management.md|603 col 54| [Google.Passive] In general, use active voice instead of passive voice ('is displayed').
docs/auth-flow/optimize/connection-management.md|604 col 92| [Google.Contractions] Use 'aren't' instead of 'are not'.
docs/bank-feeds/bank-feeds-sdk.md|112 col 64| [Google.Contractions] Use 'aren't' instead of 'are not'.
…italization Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
codat-docs/sidebars/auth-flow.js, lines 7 to 11 in 186baf1
This new page needs to be included in the sidebar so that it is visible to navigate to.
@pmckinney-codat It's unclear which page you refer to? There are no new pages in this PR, I think?
- Remove stray trailing semicolon on CodatLink JSX example
- Use meta-tag retrieval pattern in bank-feeds and connections examples instead of hardcoded nonce strings; move reference link into prose rather than code comments
- Restore parenthetical gloss in sourceTypes description
- Use a realistic base64-style nonce value in the usage example

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
| ``` | ||
|
|
||
| Use the component in your solution as needed: | ||
| Use the component in your solution as needed. If you use CSP nonces, read the nonce from a server-rendered source (for example a `<meta name="csp-nonce">` tag) and pass it through `options.nonce` — see [CSP nonce](/auth-flow/customize/sdk-customize-code#csp-nonce) for the full pattern. |
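Review bot: The added sentence says to read the nonce from "a server-rendered source" but does not say that the value must be the same nonce the server placed in the `style-src` directive for that response, generated fresh for each response. A reader could take the `<meta name="csp-nonce">` content as a static value set once in a page template, which would defeat the purpose of moving off `'unsafe-inline'`. Suggest wording along the lines of "read the per-response nonce your server sets in the Content-Security-Policy header from a server-rendered source". The replaced line also ended in a colon that introduced what follows; the new paragraph now ends on the link, so consider restoring a short lead-in after it.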
🚫 [vale] reported by reviewdog 🐶
[Google.EmDash] Don't put a space before or after a dash.
Link check results for preview deployment (https://codat-docs-git-PEP-912-update-public-csp-docs-codat.vercel.app):
Summary
- options.nonce prop across all SDK components (CodatLink, CodatConnections, CodatBankFeeds)
- style-src instead of 'unsafe-inline'

Test plan
- npm run build passes
- #csp-nonce anchor)

🤖 Generated with Claude Code
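
The pattern this PR documents (a per-response nonce in `style-src`, exposed through a `<meta name="csp-nonce">` tag and passed on as `options.nonce`), shown as an added example that is not part of this PR or of Codat's docs. The policy string, page shell and function names are assumptions made for illustration; `auditResponse` is a check for a rendered response where the meta nonce and the header disagree or `'unsafe-inline'` is still listed.

```javascript
// Added example (not from the PR). Node.js standard library only.
const crypto = require("node:crypto");

// Fresh, unpredictable nonce per HTTP response: 128 random bits, base64.
function newNonce() {
  return crypto.randomBytes(16).toString("base64");
}

// Build one response: the CSP header and the meta tag carry the same nonce.
// The policy string and page shell are constructed for this example.
function buildResponse(nonce = newNonce()) {
  return {
    headers: {
      "Content-Security-Policy": `default-src 'self'; style-src 'self' 'nonce-${nonce}'`,
    },
    body: `<!doctype html><html><head><meta name="csp-nonce" content="${nonce}"></head>` +
      `<body><div id="app"></div></body></html>`,
  };
}

// In the browser this is document.querySelector('meta[name="csp-nonce"]')?.content;
// a regex stands in for the DOM so the example runs under plain Node.
function readMetaNonce(html) {
  const m = /<meta name="csp-nonce" content="([^"]+)">/.exec(html);
  return m ? m[1] : undefined;
}

// Return the style-src source list from a CSP header value, or undefined.
function styleSrc(csp) {
  const d = csp.split(";").map((s) => s.trim().split(/\s+/)).find((t) => t[0] === "style-src");
  return d ? d.slice(1) : undefined;
}

// Deployment check: list what is wrong with a rendered response.
function auditResponse(res) {
  const problems = [];
  const sources = styleSrc(res.headers["Content-Security-Policy"] || "");
  const nonce = readMetaNonce(res.body);
  if (!sources) problems.push("no style-src directive");
  else if (sources.includes("'unsafe-inline'")) problems.push("style-src still lists 'unsafe-inline'");
  if (!nonce) problems.push("no csp-nonce meta tag");
  else if (sources && !sources.includes(`'nonce-${nonce}'`)) problems.push("meta nonce not in style-src");
  return problems;
}
```

The value returned by `readMetaNonce` is what the page's guidance passes as `options.nonce`; a body cached or templated separately from its header shows up in `auditResponse` as a nonce mismatch.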