Javascript inline style CSP violation

Time:10-04

I'm currently implementing CSP in our Rails application. We use a library called SplitText (VERSION: 0.6.1).

The code from this library is in a .js file and it's imported and used by other components.

Is there a way of using a nonce for local imported libraries similar to what is applied to script tags when loading remote sources?

Or is it possible to ignore CSP violations coming from a specific file? I don't want to use unsafe-inline.

CodePudding user response:

The SplitText vendor informed us that they use this pattern for performance reasons and have no intention of modifying this behaviour. https://greensock.com/forums/topic/34053-splittext-inline-style-content-security-policy-violation

Here's a good explanation of why this JavaScript violates the inline-style rule and how it could be prevented: '"inline-style"-Error with Content Security Policy and Javascript'.

The way we can work around this issue is to use the unsafe-hashes header with the respective sha256 hash.
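
The workaround from the answer above, sketched in Ruby as an added example (not code from the original thread, from Rails, or from SplitText): it computes the sha256 hash sources for a set of inline style attribute values, builds the matching style-src directive, and models the browser's hash check in simplified form. The style strings are constructed samples and the function names are hypothetical.

```ruby
require 'digest'

# Constructed sample values; the real ones are the exact style="" strings
# reported in the browser's CSP violation messages.
SAMPLE_STYLES = [
  'position:relative;display:inline-block;',
  'display:block;text-align:start;position:relative;'
].freeze

# CSP hash source for one style attribute value. The digest covers the exact
# attribute text, so a single changed byte (even whitespace) changes the hash.
def style_hash_source(style_value)
  "'sha256-#{Digest::SHA256.base64digest(style_value)}'"
end

# style-src directive that allows only the listed attribute values.
# 'unsafe-hashes' is what lets hashes apply to style attributes at all;
# 'unsafe-inline' is deliberately absent.
def style_src_directive(style_values)
  hashes = style_values.uniq.map { |value| style_hash_source(value) }
  (['style-src', "'self'", "'unsafe-hashes'"] + hashes).join(' ')
end

# Simplified model of the check for a style attribute against one style-src
# directive. It covers only the hash path and ignores style-src-attr,
# 'unsafe-inline' and multiple policies.
def style_attribute_allowed?(directive, style_value)
  sources = directive.split.drop(1)
  sources.include?("'unsafe-hashes'") &&
    sources.include?(style_hash_source(style_value))
end

if __FILE__ == $PROGRAM_NAME
  directive = style_src_directive(SAMPLE_STYLES)
  puts directive
  # A value computed at runtime (constructed here) has no listed hash.
  dynamic = 'position:absolute;top:12px;left:40px;'
  puts "listed value allowed:  #{style_attribute_allowed?(directive, SAMPLE_STYLES.first)}"
  puts "dynamic value allowed: #{style_attribute_allowed?(directive, dynamic)}"
end
```

Only a fixed, known set of style strings can be covered this way; any style attribute whose text varies at runtime needs its own hash and will otherwise still be reported as a violation.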
