From cb29098d66758d6790e4f6c05a7590eb48021c00 Mon Sep 17 00:00:00 2001
From: Kristian Bremberg <kristian.bremberg@grafana.com>
Date: Tue, 2 Dec 2025 15:17:27 +0100
Subject: [PATCH 1/2] feat: Add option to add CSP to the replay iframe

---
 packages/rrweb/src/replay/index.ts | 6 ++++++
 packages/rrweb/src/types.ts        | 1 +
 2 files changed, 7 insertions(+)

diff --git a/packages/rrweb/src/replay/index.ts b/packages/rrweb/src/replay/index.ts
index 5f1101cc23..9ba9e31627 100644
--- a/packages/rrweb/src/replay/index.ts
+++ b/packages/rrweb/src/replay/index.ts
@@ -618,6 +618,12 @@ export class Replayer {
     // hide iframe before first meta event
     this.iframe.style.display = 'none';
     this.iframe.setAttribute('sandbox', attributes.join(' '));
+    
+    // Apply CSP if configured
+    if (this.config.csp) {
+      this.iframe.setAttribute('csp', this.config.csp);
+    }
+    
     this.disableInteract();
     this.wrapper.appendChild(this.iframe);
     if (this.iframe.contentWindow && this.iframe.contentDocument) {
diff --git a/packages/rrweb/src/types.ts b/packages/rrweb/src/types.ts
index a03e326b6f..d955589f1d 100644
--- a/packages/rrweb/src/types.ts
+++ b/packages/rrweb/src/types.ts
@@ -196,6 +196,7 @@ export type playerConfig = {
     warn: (...args: Parameters<typeof console.warn>) => void;
   };
   plugins?: ReplayPlugin[];
+  csp?: string;
 };
 
 export type missingNode = {

From 4016cb30502fcd6c724d3f524929d55cb734bcc2 Mon Sep 17 00:00:00 2001
From: Kristian Bremberg <kristian.bremberg@grafana.com>
Date: Wed, 3 Dec 2025 10:25:26 +0100
Subject: [PATCH 2/2] lint

---
 packages/rrweb/src/replay/index.ts | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/packages/rrweb/src/replay/index.ts b/packages/rrweb/src/replay/index.ts
index 9ba9e31627..e2d5f4c35b 100644
--- a/packages/rrweb/src/replay/index.ts
+++ b/packages/rrweb/src/replay/index.ts
@@ -618,12 +618,12 @@ export class Replayer {
     // hide iframe before first meta event
     this.iframe.style.display = 'none';
     this.iframe.setAttribute('sandbox', attributes.join(' '));
-    
+
     // Apply CSP if configured
     if (this.config.csp) {
       this.iframe.setAttribute('csp', this.config.csp);
     }
-    
+
     this.disableInteract();
     this.wrapper.appendChild(this.iframe);
     if (this.iframe.contentWindow && this.iframe.contentDocument) {
@@ -1542,8 +1542,8 @@ export class Replayer {
       const targetDoc = mutation.node.rootId
         ? mirror.getNode(mutation.node.rootId)
         : this.usingVirtualDom
-        ? this.virtualDom
-        : this.iframe.contentDocument;
+          ? this.virtualDom
+          : this.iframe.contentDocument;
       if (isSerializedIframe<typeof parent>(parent, mirror)) {
         this.attachDocumentToIframe(
           mutation,