03-10-2022, 07:04 AM
Hi Alexandre,
Do we have any update on issue when nonce was added on CSP? One of the reason why we upgraded from IW14 to IW15 was according to version history nonce is already supported but we are getting an error when we are adding nonce on CSP header.
See below error:
127.0.0.1/:102 [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-t4IHZcUfixmt8pOee1Yq3TpxhVIflw0gxX6Q/Xc9kIo='), or a nonce ('nonce-...') is required to enable inline execution.
Currently, we are using 'unsafe-inline' but this has been flagged by our security team.
Thanks
Do we have any update on issue when nonce was added on CSP? One of the reason why we upgraded from IW14 to IW15 was according to version history nonce is already supported but we are getting an error when we are adding nonce on CSP header.
See below error:
127.0.0.1/:102 [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-t4IHZcUfixmt8pOee1Yq3TpxhVIflw0gxX6Q/Xc9kIo='), or a nonce ('nonce-...') is required to enable inline execution.
Currently, we are using 'unsafe-inline' but this has been flagged by our security team.
Thanks