Content Security Policy Compatibility

Created on 8 December 2023, over 1 year ago
Updated 11 December 2023, over 1 year ago

Problem/Motivation

When the Content Security Policy style-src 'self' is applied, the browser is rejecting certain inline styles and tokens.

This is the message in the console dev tools:
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' https://cdn.dxpr.com cdn.dxpr.com cdn.userway.org *.userway.org cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com https://unpkg.com https://use.fontawesome.com unpkg.com". Either the 'unsafe-inline' keyword, a hash ('sha256-x3FTjUezKnR6+Fp8bry9T6/SlOEOIUyMu/5S7CIOuIo='), or a nonce ('nonce-...') is required to enable inline execution.

Steps to reproduce

1- Activate the module: https://www.drupal.org/project/csp
2- Enforce the policy: style-src 'self'

Feature request
Status: Active
Version: 3.0
Component: Code
Created by: 🇨🇴Colombia Freddy Rodriguez Bogotá


Comments & Activities

  • Issue created by @Freddy Rodriguez
  • 🇮🇳India ravi kant Jaipur

    I am facing the same issue. During debugging, I found that it is happening due to the module providing options to add inline style and JS. So, we need the options to add classes, and based on these classes, we can write our styles in external files.
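
The approach proposed in the comment above (classes plus an external stylesheet instead of inline `style` attributes), as an added example that is not part of the original thread or the module's code. The function name `externalizeInlineStyles`, the `csp-s` class prefix and the sample markup are assumptions made for illustration.

```javascript
// Constructed sample markup (not taken from the module's output).
const SAMPLE = '<div class="box" style="color: red; margin:0">' +
  '<p style="color: red;margin:0;">Hi</p><img src="a.png" style="width:10px" /></div>';

// Hypothetical helper: returns the rewritten HTML and the CSS to place in an
// external file served from 'self'. Regex-based, so it assumes well-formed
// markup with double-quoted attributes and no '>' inside attribute values.
function externalizeInlineStyles(html, prefix = 'csp-s') {
  const classByDecl = new Map(); // normalized declarations -> class name
  const rules = [];

  const classFor = (decl) => {
    const key = decl.split(';').map((d) => d.trim()).filter(Boolean).join('; ');
    if (!key) return null; // empty style attribute: nothing to move
    if (!classByDecl.has(key)) {
      const name = `${prefix}-${classByDecl.size + 1}`;
      classByDecl.set(key, name);
      rules.push(`.${name} { ${key}; }`);
    }
    return classByDecl.get(key);
  };

  // Visit every opening tag; closing tags and text are left untouched.
  const out = html.replace(/<([a-z][\w-]*)((?:\s+[^<>]*?)?)>/gi, (tag, name, attrs) => {
    const style = attrs.match(/\sstyle="([^"]*)"/i);
    if (!style) return tag;
    const cls = classFor(style[1]);
    let rest = attrs.replace(style[0], ''); // drop the inline style attribute
    if (cls && /\sclass="[^"]*"/i.test(rest)) {
      // Merge into the existing class list.
      rest = rest.replace(/(\sclass=")([^"]*)"/i, (m, open, v) => `${open}${`${v} ${cls}`.trim()}"`);
    } else if (cls) {
      rest = ` class="${cls}"${rest}`;
    }
    return `<${name}${rest}>`;
  });

  return { html: out, css: rules.join('\n') };
}

const demo = externalizeInlineStyles(SAMPLE);
console.log(demo.html);
console.log(demo.css);
```

Inline declarations win over stylesheet rules in the cascade, so styles moved into classes should be checked against existing rules that target the same elements.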
