Problem/Motivation

When using CKEditor5 in Drupal 10.1 with a CSP that does not have 'unsafe-inline' in the style-src directive, CKEditor fails to load properly. (See attached screenshot).

As documented by CKEditor5, style-src requires unsafe-inline: https://ckeditor.com/docs/ckeditor5/latest/installation/advanced/csp.html

Steps to reproduce

Proposed resolution

CommentFileSizeAuthor
#6 csp-ckeditor5_unsafe_inline-3386187-6.patch1.66 KBchrissnyder
CKEditor5_without_unsafe-inline_style-src.png324.22 KBchrissnyder

Issue fork csp-3386187

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

ChrisSnyder created an issue. See original summary.

ChrisSnyder opened merge request !16

chrissnyder’s picture

chrissnyder
he/him
commented
Issue summary: View changes
chrissnyder’s picture

chrissnyder
he/him
commented
Status: Active » Needs review
chrissnyder’s picture

chrissnyder
he/him
commented
chrissnyder’s picture

chrissnyder
he/him
commented
StatusFileSize
new csp-ckeditor5_unsafe_inline-3386187-6.patch1.66 KB

Related patch file.

gapple made their first commit to this issue’s fork.

gapple’s picture

gapple
he/they
Primary language English
commented
Status: Needs review » Reviewed & tested by the community

Made some changes to make handling libraries that load editors via ajax a little more generic. Quickedit will be getting removed soon as part of dropping D9 support, but I think it still makes the pattern a little clearer for other modules that may need to do the same thing.

  • gapple committed f159366a on 8.x-1.x authored by ChrisSnyder 
    Issue #3386187 by ChrisSnyder, gapple: CKEditor5 requires style-src '...
gapple’s picture

gapple
he/they
Primary language English
commented
Status: Reviewed & tested by the community » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.