Content Security Policy | How to solve content security policy error | #html #vuejs #angular #react

With unsafe-inline and unsafe-eval, getting webinspect issue as these are disabling imp part of content security policy, then how can we use nonce instead of unsafe-eval & unsafe-inline.

PRIYATYAGIVLOGS

Thanks this was a really simple and concise explanation of this concept! Also, thanks for the example as well!

astackzzzz

Is there any way to avoid unsafe-eval usages? Im trying to remove it due to XSS attack issues

spotlights

Appreciate if this would have been without unsafe. As doing that it has no point, as you are again bringing security concern.

adityaa

I have this error help "Error with Permissions-Policy header: Unrecognized feature: 'ch-ua-form-factor'." how do I solve it

jorgezelaramos

We are using unsafe inline and unsafe eval in default src when we remove it our application is breaking kindly let us know the solution for this

nandhanrajvir

hi i am running odoo in an nginx server and i have set the conf file in nginx like this for content security policy error

add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *";

but after this the website doesnot load, what is the right way to solve this issue

bkhesco

Hi I am getting issue for security prospect because of unsafe inline, and if I remove it the design get break, can you help on this to solve this CSP issue by removing unsafe inline from script and style only

RahulKumar-dtzo

Bro is it unsafe to use scripts-src="self" in mera tag ?

PIYUSH-lzzq

what should i do when scp header is not showing in network tab

vishnumaurya

this is nuts. i don't even HAVE an index.html (or any other html file in my project) and i get that im trying to use a font that i can't use??

stodani

Solution is easy with 'unsafe-inline', but show me a solution without it.

maq