(critical-css-extractor.kigo.studio)

234 points stevenpotts | 1 comments | 06 May 25 03:13 UTC | HN request time: 0.207s | source

Show context

sublinear ◴[06 May 25 05:58 UTC] No.43902200[source]▶

Non-starter for all but hobby websites since it's incompatible with any content security policy disallowing inline style tags.

Edit regarding replies to this comment: I'm sure many will get a kick out of your workarounds and they're all worth posting in the spirit of HN, however I am talking about CSPs that disallow shenanigans. Carry on though :^)

replies(4): >>43902265 #>>43902288 #>>43902334 #>>43902788 #

1. efortis ◴[06 May 25 06:20 UTC] No.43902288[source]▶

>>43902200 #

You can allow safe inline CSS with a nonce. For example:

  <style nonce="sha256-Ce2SAZQd/zkqF/eKoRIUmEqKy31enl1LPzhnYs3Zb/I=">
    html { background: red }
  </style>

And a CSP like this

  default-src 'self'; style-src 'sha256-Ce2SAZQd/zkqF/eKoRIUmEqKy31enl1LPzhnYs3Zb/I='

Here's how I automate mine:

https://github.com/uxtely/js-utils/blob/ad7d9531e108403a4146...

↑

Critical CSS