Topic: detect-autofill.js failing on Content Security Policy
szaiftamas priority asked 11 months ago
Expected behavior I would like to implement Content Security Policy, but the detect-autofill.js is failed on this. How can I solve this issue?
Actual behavior The detect-autofill.js is failed on CSP. This error is present in version 5.0.0 and 6.0.1
Resources (screenshots, code snippets etc.)
<!DOCTYPE html> <html> <head> <title>MDB CSP Test</title> <meta http-equiv="Content-Security-Policy" content="default-src 'self' https://cdnjs.cloudflare.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/;"> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <!-- Font Awesome --> <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css" rel="stylesheet" /> <!-- Google Fonts --> <link href="https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap" rel="stylesheet" /> <!-- MDB --> <link href="https://cdnjs.cloudflare.com/ajax/libs/mdb-ui-kit/6.0.1/mdb.min.css" rel="stylesheet" /> </head> <body> <div>Check the console log</div> <!-- MDB --> <script src="https://cdnjs.cloudflare.com/ajax/libs/mdb-ui-kit/6.0.1/mdb.min.js" ></script> </body> </html>
It seems one of our dependencies (
detect-autofill) is causing this problem. Unfortunately, I haven't been able to find a working solution that doesn't force using the
unsafe-inline keyword value.
Sorry for that. I'll add it to our to-do list, we'll try to fix it.
Hire our experts to build a dedicated project. We'll analyze your business requirements, for free.
- User: Priority
- Premium support: Yes
- Technology: MDB Standard
- MDB Version: MDB5 6.0.1
- Device: PC
- Browser: Firefox
- OS: Ubuntu Linux
- Provided sample code: No
- Provided link: Yes