Skip to content

[fix] Ensure crossOrigin attribute is properly set for CCv2 stylesheets #13376

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
sfc-gh-bnisco merged 1 commit into from
Dec 16, 2025
Merged

[fix] Ensure crossOrigin attribute is properly set for CCv2 stylesheets #13376

sfc-gh-bnisco merged 1 commit into from
Dec 16, 2025
+111 −6

Conversation

@sfc-gh-bnisco
Copy link
Collaborator

@sfc-gh-bnisco sfc-gh-bnisco commented Dec 15, 2025
edited
Loading

Describe your changes

Added support for the crossOrigin attribute on CSS link elements to CCv2 instances. This ensures that CSS resources loaded from different origins follow the same cross-origin policy as other resources in the application. The implementation:

  1. Uses the existing useCrossOriginAttribute hook to determine the appropriate crossOrigin value
  2. Applies the crossOrigin attribute to link elements when loading CSS from relative paths
  3. Maintains consistent behavior with other media elements in the application

Testing Plan

  • Adds unit tests

Contribution License Agreement

By submitting this pull request you agree that all contributions to this project are made under the Apache 2.0 license.

@snyk-io
Copy link
Contributor

snyk-io bot commented Dec 15, 2025
edited
Loading

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@github-actions
Copy link
Contributor

github-actions bot commented Dec 15, 2025
edited
Loading

✅ PR preview is ready!

Name Link
📦 Wheel file https://core-previews.s3-us-west-2.amazonaws.com/pr-13376/streamlit-1.52.1-py3-none-any.whl
📦 @streamlit/component-v2-lib Download from artifacts
🕹️ Preview app pr-13376.streamlit.app (☁️ Deploy here if not accessible)

@sfc-gh-bnisco Graphite App
Copy link
Collaborator Author

sfc-gh-bnisco commented Dec 15, 2025

This stack of pull requests is managed by Graphite. Learn more about stacking.

@sfc-gh-bnisco sfc-gh-bnisco added security-assessment-completed Security assessment has been completed for PR change:bugfix PR contains bug fix implementation impact:users PR changes affect end users labels Dec 15, 2025
Copilot AI reviewed Dec 15, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes the crossOrigin attribute handling for CCv2 (Custom Component v2) stylesheet links to ensure consistent CORS behavior across the application. The change ensures that stylesheet <link> elements receive the same cross-origin treatment as other media resources.

Key changes:

  • Integrates useCrossOriginAttribute hook to compute the appropriate crossOrigin attribute value for CSS links
  • Sets the crossOrigin attribute on dynamically created <link> elements when loading external stylesheets
  • Adds comprehensive test coverage for different cross-origin scenarios (anonymous, use-credentials, and external URLs)

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File Description
frontend/lib/src/components/widgets/BidiComponent/hooks/useHandleHtmlAndCssContent.ts Integrates useCrossOriginAttribute hook and conditionally sets crossOrigin attribute on stylesheet link elements based on URL origin
frontend/lib/src/components/widgets/BidiComponent/BidiComponent.test.tsx Adds mock configuration setup and parameterized tests verifying correct crossOrigin attribute behavior for different scenarios

@sfc-gh-bnisco sfc-gh-bnisco force-pushed the 12-15-_fix_ensure_crossorigin_attribute_is_properly_set_for_ccv2_stylesheets branch from 9b094cb to 372fba5 Compare December 15, 2025 22:12
Copilot AI reviewed Dec 15, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

@sfc-gh-bnisco sfc-gh-bnisco marked this pull request as ready for review December 15, 2025 22:29
@lukasmasuch
Copy link
Collaborator

lukasmasuch commented Dec 15, 2025

@cursor review

lukasmasuch
lukasmasuch approved these changes Dec 15, 2025
View reviewed changes
Copy link
Collaborator

@lukasmasuch lukasmasuch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

cursor[bot]
cursor bot reviewed Dec 15, 2025
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Bugbot reviewed your changes and found no bugs!

@sfc-gh-bnisco sfc-gh-bnisco merged commit 1f01424 into develop Dec 16, 2025
44 checks passed
@sfc-gh-bnisco sfc-gh-bnisco deleted the 12-15-_fix_ensure_crossorigin_attribute_is_properly_set_for_ccv2_stylesheets branch December 16, 2025 04:22
github-actions bot pushed a commit that referenced this pull request Dec 16, 2025
@sfc-gh-bnisco
[fix] Ensure crossOrigin attribute is properly set for CCv2 styleshee…
6a48913 
…ts (#13376)

## Describe your changes

Added support for the `crossOrigin` attribute on CSS link elements to
CCv2 instances. This ensures that CSS resources loaded from different
origins follow the same cross-origin policy as other resources in the
application. The implementation:

1. Uses the existing `useCrossOriginAttribute` hook to determine the
appropriate crossOrigin value
2. Applies the crossOrigin attribute to link elements when loading CSS
from relative paths
3. Maintains consistent behavior with other media elements in the
application

## Testing Plan

- Adds unit tests

---

**Contribution License Agreement**

By submitting this pull request you agree that all contributions to this
project are made under the Apache 2.0 license.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@cursor cursor[bot] cursor[bot] left review comments

@lukasmasuch lukasmasuch lukasmasuch approved these changes

Assignees

No one assigned

Labels

change:bugfix PR contains bug fix implementation impact:users PR changes affect end users security-assessment-completed Security assessment has been completed for PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sfc-gh-bnisco @lukasmasuch