1. MDB Home Page
  2. Support Main Page
  3. MDB Standard
Topic: detect-autofill.js failing on Content Security Policy

szaiftamas priority asked 3 months ago

Expected behavior I would like to implement Content Security Policy, but the detect-autofill.js is failed on this. How can I solve this issue?

Actual behavior The detect-autofill.js is failed on CSP. This error is present in version 5.0.0 and 6.0.1

Resources (screenshots, code snippets etc.)

MDB CSP Test Page

<!DOCTYPE html>
<html>
  <head>
    <title>MDB CSP Test</title>
    <meta http-equiv="Content-Security-Policy" content="default-src 'self' https://cdnjs.cloudflare.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/;">
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <!-- Font Awesome -->
    <link
      href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css"
      rel="stylesheet"
      />
    <!-- Google Fonts -->
    <link
      href="https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap"
      rel="stylesheet"
      />
    <!-- MDB -->
    <link
      href="https://cdnjs.cloudflare.com/ajax/libs/mdb-ui-kit/6.0.1/mdb.min.css"
      rel="stylesheet"
      />
  </head>
  <body>
    <div>Check the console log</div>
    <!-- MDB -->
    <script
      src="https://cdnjs.cloudflare.com/ajax/libs/mdb-ui-kit/6.0.1/mdb.min.js"
    ></script>
  </body>
</html>

enter image description here

Grzegorz Bujański staff answered 3 months ago

It seems one of our dependencies (detect-autofill) is causing this problem. Unfortunately, I haven't been able to find a working solution that doesn't force using the unsafe-inline keyword value.

Sorry for that. I'll add it to our to-do list, we'll try to fix it.

szaiftamas priority commented 3 months ago

Which feature have been disabled in this case exactly, without unsafe-inline? If I do not use it in my project, this error log is not a problem. -> Added more information at 2022-12-23 13:45 -> I continued the CSP integration and I realized to the unsafe-inline is mandatory.
Write
Create snippet
Please insert min. 20 characters.

FREE CONSULTATION

Hire our experts to build a dedicated project. We'll analyze your business requirements, for free.
Status

Answered

Specification of the issue
  • User: Priority
  • Premium support: Yes
  • Technology: MDB Standard
  • MDB Version: MDB5 6.0.1
  • Device: PC
  • Browser: Firefox
  • OS: Ubuntu Linux
  • Provided sample code: No
  • Provided link: Yes
Tags
detect-autofill.js content-security-policy csp
About author
szaiftamas
15Support score
4Questions 0Answers 0Snippets