Content Security Policy (CSP) Violation on Commit Graph Commit hover #4794
Description
Description
A Content Security Policy (CSP) violation error occurs in the VS Code Developer Console when hovering over any commit in the GitLens Commit Graph view. This likely causes improper styling or a failure to display some styles within the hover tooltip.
Steps to Reproduce
Open a repo with a Git history in VS Code.
Go to the Commit Graph section.
Open the Developer Tools in VS Code (Help > Toggle Developer Tools).
Navigate to the Console tab within the Developer Tools.
Hover the mouse cursor over any commit node within the Commit Graph to trigger the hover tooltip (the popup showing commit details).
Expected Behavior:
The commit tooltip should display correctly with all intended styles, and no CSP errors should be logged in the Developer Console.
Actual Behavior:
Upon hovering over a commit, the following CSP violation error is displayed in the Console:
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' https://*.vscode-cdn.net 'nonce-iLlPdEfGjw3r1OtdLTiJpQ==' 'unsafe-hashes' 'sha256-e1w6UmV6eVJuQr9ktGHETAhNAeqaZF3rEpqMU4iIUoQ='". Either the 'unsafe-inline' keyword, a hash ('sha256-LJ90Anyva9NUJTdUOjiA20NhuITw4H4AyEFtBxs9ono='), or a nonce ('nonce-...') is required to enable inline execution.
Untitled_.Dec.08.2025.5_32.PM.webm
GitLens Version
2025.12.604
VS Code Version
Version: 1.106.3 (user setup)
Commit: bf9252a2fb45be6893dd8870c0bf37e2e1766d61
Date: 2025-11-25T22:28:18.024Z
Electron: 37.7.0
ElectronBuildId: 12781156
Chromium: 138.0.7204.251
Node.js: 22.20.0
V8: 13.8.258.32-electron.0
OS: Windows_NT x64 10.0.26100
Git Version
git version 2.52.0.windows.1
Logs, Screenshots, Screen Captures, etc
