Topic: CSP issues with the package

r-langevoortlangsoftfdev-com priority asked 10 months ago


Expected behavior: This should work with CSP headers.

Actual behavior: It does not work with CSP header "style-src 'self'". detect-autofill.js breaks that. I am unable to use the package that I just bought, because I cannot remove the CSP headers. So I need a fix for this. I noticed the last answer to the same question was 6 months ago and I can't wait that long. Can you pls let me know why this is necessary and how to remove it from the js code? There must be some workaround for it.

Resources (screenshots, code snippets etc.): [image]


Grzegorz Bujański staff answered 9 months ago


We will try to create our own implementation of this solution to eliminate this problem.


Kamila Pieńkowska staff answered 10 months ago


Can you add the 'unsafe-inline' keyword to the Content Security Policy?

Because the MDB package relies heavily on styles applied inline with JS.


r-langevoortlangsoftfdev-com priority commented 10 months ago

No, I cannot add that. The CSP is there for a reason. I had to abandon the package. CSP is a must. Every PEN test will tell you that.


Kamila Pieńkowska staff answered 10 months ago


We are currently working on improving CSP.

Can you provide a snippet or link to a site that gives this error?


r-langevoortlangsoftfdev-com priority commented 9 months ago

Hi, no I'm sorry I can't. We have no live site with the package included because of the CSP issue. However, there's no code snippet necessary; all you have to do is include the JavaScript file and make sure you have your CSP set to "style-src 'self'". Your browser console will then show that error I posted. And wherever the style was supposed to be applied, it won't be.
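The policy behaviour this thread turns on, as an added example that is not MDB code and not part of any post: a simplified model of how a browser decides whether inline `<style>` elements and `style` attributes pass a given CSP header value. The function names and the nonce value are constructed for illustration; multiple policies and report-only mode are not modelled.

```javascript
// Parse one CSP header value into a Map of directive name -> source list.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// kind is 'elem' for <style> elements or 'attr' for style="" attributes.
// Fallback chain: style-src-elem / style-src-attr -> style-src -> default-src.
function governingSources(directives, kind) {
  for (const name of [`style-src-${kind}`, 'style-src', 'default-src']) {
    if (directives.has(name)) return directives.get(name);
  }
  return null; // no directive governs styles, so nothing is restricted
}

function inlineStyleVerdict(header, kind) {
  const sources = governingSources(parseCsp(header), kind);
  if (sources === null) return 'allowed';
  const src = sources.map((s) => s.toLowerCase()); // only keywords and prefixes are compared
  const hasNonce = src.some((s) => s.startsWith("'nonce-"));
  const hasHash = src.some((s) => /^'sha(256|384|512)-/.test(s));
  // 'unsafe-inline' is ignored as soon as a nonce or hash source is listed.
  if (src.includes("'unsafe-inline'") && !hasNonce && !hasHash) return 'allowed';
  // A <style> element can still pass if it carries the nonce or matches a hash.
  if (kind === 'elem' && (hasNonce || hasHash)) return 'only-with-nonce-or-hash';
  // Style attributes cannot carry a nonce; hashes apply only with 'unsafe-hashes'.
  if (kind === 'attr' && hasHash && src.includes("'unsafe-hashes'")) return 'only-with-hash';
  return 'blocked';
}

// Constructed sample policies: the one from the thread, the suggested
// relaxation, and a nonce-based variant (nonce value is a placeholder).
for (const policy of [
  "style-src 'self'",
  "style-src 'self' 'unsafe-inline'",
  "style-src 'self' 'nonce-EXAMPLEnonce123'",
]) {
  console.log(policy, '=>', inlineStyleVerdict(policy, 'elem'), '/', inlineStyleVerdict(policy, 'attr'));
}
```

A nonce-based policy only helps when the code creating the `<style>` element sets that nonce on it, which is a change on the library side rather than in the header alone.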




Status

Answered

Specification of the issue

  • ForumUser: Priority
  • Premium support: Yes
  • Technology: MDB Standard
  • MDB Version: MDB5 6.4.0
  • Device: All
  • Browser: All
  • OS: All
  • Provided sample code: No
  • Provided link: No