Document CSP nonce option and update unsafe-inline guidance#1800

Draft
brettdorrans wants to merge 6 commits into main from PEP-912-update-public-csp-docs

@brettdorrans

Summary

  • Document the new options.nonce prop across all SDK components (CodatLink, CodatConnections, CodatBankFeeds)
  • Update CSP guidance to recommend nonce-based style-src instead of 'unsafe-inline'
  • Add usage example, migration guide, backwards compatibility note, and mount-time behavior details

Test plan

  • Verify npm run build passes
  • Check all internal links resolve (e.g. #csp-nonce anchor)
  • Review rendered markdown for options tables formatting

🤖 Generated with Claude Code

Add nonce option to SDK option references (Link, Connections, Bank Feeds),
update all 13 CSP guidance blocks to recommend nonce-based style-src over
unsafe-inline, and add a new CSP nonce section with usage example, migration
guide, backwards compatibility note, and mount-time behavior.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
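The migration the summary describes (nonce-based style-src in place of 'unsafe-inline'), sketched as an added example that is not code from this pull request or from the Codat SDK. The function names and the sample policy are constructed for illustration, and passing the nonce to the component as options.nonce is assumed from the PR summary.

```javascript
const crypto = require("node:crypto");

// Fresh, unpredictable nonce for each HTTP response (128 bits, base64).
function newNonce() {
  return crypto.randomBytes(16).toString("base64");
}

// Split a CSP header value into directive -> sources; first duplicate wins.
function parseCsp(policy) {
  const out = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    const key = name && name.toLowerCase();
    if (key && !out.has(key)) out.set(key, sources);
  }
  return out;
}

// Report how <style> elements are governed (style-src, else default-src).
function auditStyleSrc(policy) {
  const csp = parseCsp(policy);
  const sources = csp.get("style-src") ?? csp.get("default-src");
  if (!sources) return "unrestricted";
  const hasNonce = sources.some((s) => /^'nonce-[A-Za-z0-9+\/_-]+={0,2}'$/.test(s));
  const hasInline = sources.some((s) => s.toLowerCase() === "'unsafe-inline'");
  // Browsers that understand nonces ignore 'unsafe-inline' when one is present;
  // it then only serves as a fallback for older browsers.
  if (hasNonce) return hasInline ? "nonce-with-legacy-fallback" : "nonce";
  return hasInline ? "unsafe-inline" : "inline-blocked";
}

// Swap 'unsafe-inline' (and any stale nonce) in style-src for this response's nonce.
function migrateStyleSrc(policy, nonce) {
  const csp = parseCsp(policy);
  const current = csp.get("style-src") ?? csp.get("default-src") ?? ["'self'"];
  const drop = (s) => ["'unsafe-inline'", "'none'"].includes(s.toLowerCase());
  const kept = current.filter((s) => !drop(s) && !s.startsWith("'nonce-"));
  csp.set("style-src", [...kept, `'nonce-${nonce}'`]);
  return [...csp].map(([d, s]) => [d, ...s].join(" ")).join("; ");
}

// Constructed sample policy, not taken from the Codat docs.
const LEGACY = "default-src 'self'; style-src 'self' 'unsafe-inline'";
const nonce = newNonce();
console.log(auditStyleSrc(LEGACY), "->", migrateStyleSrc(LEGACY, nonce));
// Assumption: the same nonce is then passed to the SDK component as options.nonce.
```

The nonce must be regenerated for every response; a value reused across responses gives no more protection than 'unsafe-inline'.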

vercel bot commented Apr 7, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| codat-docs | Ready | Preview, Comment | Apr 7, 2026 1:04pm |

@brettdorrans brettdorrans changed the title PEP-912: Document CSP nonce option and update unsafe-inline guidance Document CSP nonce option and update unsafe-inline guidance Apr 7, 2026

@github-actions github-actions bot left a comment

Remaining comments which cannot be posted as a review comment to avoid GitHub Rate Limit

vale

docs/auth-flow/optimize/connection-management.md|504 col 65| [Google.Contractions] Use 'aren't' instead of 'are not'.
docs/auth-flow/optimize/connection-management.md|570 col 65| [Google.Contractions] Use 'aren't' instead of 'are not'.
docs/auth-flow/optimize/connection-management.md|603 col 54| [Google.Passive] In general, use active voice instead of passive voice ('is displayed').
docs/auth-flow/optimize/connection-management.md|604 col 92| [Google.Contractions] Use 'aren't' instead of 'are not'.
docs/bank-feeds/bank-feeds-sdk.md|112 col 64| [Google.Contractions] Use 'aren't' instead of 'are not'.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…italization

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

github-actions bot commented Apr 7, 2026

Link check results for preview deployment (https://codat-docs-git-PEP-912-update-public-csp-docs-codat.vercel.app):

[
  "[401] https://codat-docs-git-pep-912-update-public-csp-docs-codat.vercel.app/"
]
