Topic: detect-autofill.js failing on Content Security Policy
szaiftamas priority asked 3 months ago
Expected behavior I would like to implement Content Security Policy, but the detect-autofill.js is failed on this. How can I solve this issue?
Actual behavior The detect-autofill.js is failed on CSP. This error is present in version 5.0.0 and 6.0.1
Resources (screenshots, code snippets etc.)
<!DOCTYPE html> <html> <head> <title>MDB CSP Test</title> <meta http-equiv="Content-Security-Policy" content="default-src 'self' https://cdnjs.cloudflare.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/;"> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <!-- Font Awesome --> <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css" rel="stylesheet" /> <!-- Google Fonts --> <link href="https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap" rel="stylesheet" /> <!-- MDB --> <link href="https://cdnjs.cloudflare.com/ajax/libs/mdb-ui-kit/6.0.1/mdb.min.css" rel="stylesheet" /> </head> <body> <div>Check the console log</div> <!-- MDB --> <script src="https://cdnjs.cloudflare.com/ajax/libs/mdb-ui-kit/6.0.1/mdb.min.js" ></script> </body> </html>
Grzegorz Bujański staff answered 3 months ago
It seems one of our dependencies (
detect-autofill) is causing this problem. Unfortunately, I haven't been able to find a working solution that doesn't force using the
unsafe-inline keyword value.
Sorry for that. I'll add it to our to-do list, we'll try to fix it.
szaiftamas priority commented 3 months ago
Which feature have been disabled in this case exactly, without unsafe-inline? If I do not use it in my project, this error log is not a problem. -> Added more information at 2022-12-23 13:45 -> I continued the CSP integration and I realized to the unsafe-inline is mandatory.
Hire our experts to build a dedicated project. We'll analyze your business requirements, for free.
- User: Priority
- Premium support: Yes
- Technology: MDB Standard
- MDB Version: MDB5 6.0.1
- Device: PC
- Browser: Firefox
- OS: Ubuntu Linux
- Provided sample code: No
- Provided link: Yes