feat: support Content Security Policy w/o need for unsafe-inline styles

[oliversalzburg]

We don't allow unsafe-eval or unsafe-inline in our Content Security Policy. This causes angular-material to not work and many errors being logged in the JS console when attempting to use it.

We're already using ngCsp, but it has no noticeable effect on the issue.

[ThomasBurleson]

Please post this in the Angular Material Forum

[oliversalzburg]

Done. The topic is at https://groups.google.com/forum/#!topic/ngmaterial/2CccXg20F2c

[oliversalzburg]

Might have been solved in part by #7959

[oliversalzburg]

One can now use https://material.angularjs.org/latest/api/service/$mdThemingProvider#mdthemingprovider-setnonce-noncevalue apparently.

[stu-co]

@oliversalzburg setNonce(); did not work for me - did you find a solution to this?

[oliversalzburg]

@stu-co Sadly, no. It was put on our backlog and priority to solve it is very low.

[Splaktar]

You can use https://github.com/angular/material-tools to do custom builds of the CSS. There are some docs on creating static themes here. I haven't tried it with the latest version of AngularJS Material, please open issues in that repo if you run into problems.

I'm not sure that this will solve the CSP issues with unsafe inline styles, but it's worth taking a look at.