Topic: detect-autofill.js failing on Content Security Policy

szaiftamas priority asked 3 months ago

Expected behavior I would like to implement Content Security Policy, but the detect-autofill.js is failed on this. How can I solve this issue?

Actual behavior The detect-autofill.js is failed on CSP. This error is present in version 5.0.0 and 6.0.1

Resources (screenshots, code snippets etc.)

MDB CSP Test Page

<!DOCTYPE html>
    <title>MDB CSP Test</title>
    <meta http-equiv="Content-Security-Policy" content="default-src 'self';">
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <!-- Font Awesome -->
    <!-- Google Fonts -->
    <!-- MDB -->
    <div>Check the console log</div>
    <!-- MDB -->

enter image description here

Grzegorz Bujański staff answered 3 months ago

It seems one of our dependencies (detect-autofill) is causing this problem. Unfortunately, I haven't been able to find a working solution that doesn't force using the unsafe-inline keyword value.

Sorry for that. I'll add it to our to-do list, we'll try to fix it.

szaiftamas priority commented 3 months ago

Which feature have been disabled in this case exactly, without unsafe-inline? If I do not use it in my project, this error log is not a problem. -> Added more information at 2022-12-23 13:45 -> I continued the CSP integration and I realized to the unsafe-inline is mandatory.

Please insert min. 20 characters.


Hire our experts to build a dedicated project. We'll analyze your business requirements, for free.



Specification of the issue

  • User: Priority
  • Premium support: Yes
  • Technology: MDB Standard
  • MDB Version: MDB5 6.0.1
  • Device: PC
  • Browser: Firefox
  • OS: Ubuntu Linux
  • Provided sample code: No
  • Provided link: Yes