Is it possible to use AtlasKit in Custom UI app without unsafe-inline?

Forge Forge UI Kit and Custom UI
, , ,
1

Hey Everyone,

This is my first time building a forge application. I have built a custom ui app and would like to use some components from AtlasKit that aren’t available in the Forge UI Kit (or UI Kit 2), such as the Progress Indicator. Everything is working correctly but I was hoping to remove the ‘- unsafe-inline’

permissions:
  content:
      styles:
        - unsafe-inline

from the manifest.yml. Currently when I remove this the app still works but I lose all styling and get a the following console error:

Content-Security-Policy: The page’s settings blocked the loading of a resource at inline (“style-src”).

I have been scouring documentation and community threads but anywhere this pops up it seems to be people instructing others to add the unsafe-inline. Anyone have any guidance? Thanks!

2

Hi @BobbyMarten , is there a particular reason why you would like to remove unsafe-inline ? The ProgressIndicator contains inline styles and so you won’t be able to remove unsafe-inline while using that component.

3

Hi QuocLieu,

Thanks for the response! I am thinking that allowing unsafe-inline will raise concerns when my organization’s security team reviews it before we add it to our Jira instance. I was just trying to work ahead to see if I could get it to work without unsafe-inline. Good to know that it is required for AtlasKit components, I’ll look to see if I can find any documenation that would give our security team peace of mind or potentially just build out some custom components if they ask me to.

1 Like