Update packages/rrweb/src/replay/index.ts

KristianGrafana · Copilot · web-flow · commit ec2a859c382e · 2025-12-02T15:26:30.000+01:00
Co-authored-by: Copilot &lt;175728472+Copilot@users.noreply.github.com&gt;
diff --git a/packages/rrweb/src/replay/index.ts b/packages/rrweb/src/replay/index.ts
@@ -620,12 +620,28 @@ export class Replayer {
     this.iframe.setAttribute('sandbox', attributes.join(' '));
     
     // Apply CSP if configured
-    if (this.config.csp) {
-      this.iframe.setAttribute('csp', this.config.csp);
-    }
+    // (Do not set non-standard 'csp' attribute)
     
     this.disableInteract();
     this.wrapper.appendChild(this.iframe);
+    // Inject CSP meta tag into iframe's document if configured
+    if (this.config.csp && this.iframe.contentDocument) {
+      const meta = this.iframe.contentDocument.createElement('meta');
+      meta.httpEquiv = 'Content-Security-Policy';
+      meta.content = this.config.csp;
+      // Ensure head exists before appending
+      if (this.iframe.contentDocument.head) {
+        this.iframe.contentDocument.head.appendChild(meta);
+      } else {
+        // If head doesn't exist, create it and append
+        const head = this.iframe.contentDocument.createElement('head');
+        head.appendChild(meta);
+        this.iframe.contentDocument.documentElement.insertBefore(
+          head,
+          this.iframe.contentDocument.body || null
+        );
+      }
+    }
     if (this.iframe.contentWindow && this.iframe.contentDocument) {
       smoothscrollPolyfill(
         this.iframe.contentWindow,
