@codecademy/styleguide 79.1.2 → 79.1.3-alpha.1abfb2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +6 -0
- package/package.json +2 -2
- package/src/lib/Meta/Installation.mdx +16 -0
package/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,12 @@
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
|
5
5
|
|
|
6
|
+
### [79.1.3-alpha.1abfb2.0](https://github.com/Codecademy/gamut/compare/@codecademy/styleguide@79.1.2...@codecademy/styleguide@79.1.3-alpha.1abfb2.0) (2026-02-23)
|
|
7
|
+
|
|
8
|
+
### Bug Fixes
|
|
9
|
+
|
|
10
|
+
- **CSP:** add better nonce support ([afdff6e](https://github.com/Codecademy/gamut/commit/afdff6e78aa8bed6ce8e051742b3e52822b9ba82))
|
|
11
|
+
|
|
6
12
|
### [79.1.2](https://github.com/Codecademy/gamut/compare/@codecademy/styleguide@79.1.1...@codecademy/styleguide@79.1.2) (2026-02-12)
|
|
7
13
|
|
|
8
14
|
**Note:** Version bump only for package @codecademy/styleguide
|
package/package.json
CHANGED
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@codecademy/styleguide",
|
|
3
3
|
"description": "Styleguide & Component library for codecademy.com",
|
|
4
|
-
"version": "79.1.
|
|
4
|
+
"version": "79.1.3-alpha.1abfb2.0",
|
|
5
5
|
"author": "Codecademy Engineering",
|
|
6
6
|
"license": "MIT",
|
|
7
7
|
"publishConfig": {
|
|
8
8
|
"access": "public"
|
|
9
9
|
},
|
|
10
10
|
"repository": "git@github.com:Codecademy/gamut.git",
|
|
11
|
-
"gitHead": "
|
|
11
|
+
"gitHead": "734662ca153eefff96d91dd279195d2232172191"
|
|
12
12
|
}
|
|
@@ -63,6 +63,22 @@ GamutProvider handles a few critical tasks that need to happen in order for comp
|
|
|
63
63
|
3. Adds Global styles and CSS Variables
|
|
64
64
|
4. Sets the current Color Mode context and variables.
|
|
65
65
|
|
|
66
|
+
### Content Security Policy (CSP)
|
|
67
|
+
|
|
68
|
+
If your app uses a strict Content-Security-Policy (e.g. `style-src` without `'unsafe-inline'`), pass a nonce to `GamutProvider` so Emotion and other Gamut-managed style tags are allowed:
|
|
69
|
+
|
|
70
|
+
```tsx
|
|
71
|
+
<GamutProvider nonce={yourCspNonce}>
|
|
72
|
+
<App />
|
|
73
|
+
</GamutProvider>
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
Your nonce should be the same value you use in your CSP header (e.g. `style-src 'self' 'nonce-{value}'`). Gamut uses the [get-nonce](https://www.npmjs.com/package/get-nonce) singleton so that style tags injected by react-style-singleton (e.g. from FocusTrap) also receive this nonce.
|
|
77
|
+
|
|
78
|
+
**Motion components:** When you pass a nonce to GamutProvider, it also wraps children in framer-motion's MotionConfig so that motion components (Drawer, Alert, List, Toaster, etc.) get the nonce on their injected style tags. No extra wrapper is needed.
|
|
79
|
+
|
|
80
|
+
**Video (Vidstack):** The Video component uses `@vidstack/react`, which applies styles via inline styles (element.style / CSSOM). CSP nonces apply only to `<style>` and `<script>` elements, not to inline style attributes, so **nonce cannot fix** Vidstack's CSP violations. If you use strict CSP and the Video component, relax CSP for that context (e.g. allow the Video route or sandbox) or avoid using Video where strict CSP is required.
|
|
81
|
+
|
|
66
82
|
**Note:** For react frameworks like Next and Gatsby this will be slightly different (see the SSR section for further steps for each framework). Your entry points for each framework will be:
|
|
67
83
|
|
|
68
84
|
- **Next** `_app.tsx`
|