Topic: detect-autofill.js failing on Content Security Policy

szaiftamas priority asked 1 year ago

Expected behavior I would like to implement Content Security Policy, but the detect-autofill.js is failed on this. How can I solve this issue?

Actual behavior The detect-autofill.js is failed on CSP. This error is present in version 5.0.0 and 6.0.1

Resources (screenshots, code snippets etc.)

MDB CSP Test Page

<!DOCTYPE html>
    <title>MDB CSP Test</title>
    <meta http-equiv="Content-Security-Policy" content="default-src 'self';">
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <!-- Font Awesome -->
    <!-- Google Fonts -->
    <!-- MDB -->
    <div>Check the console log</div>
    <!-- MDB -->

enter image description here

Grzegorz Bujański staff answered 1 year ago

It seems one of our dependencies (detect-autofill) is causing this problem. Unfortunately, I haven't been able to find a working solution that doesn't force using the unsafe-inline keyword value.

Sorry for that. I'll add it to our to-do list, we'll try to fix it.

szaiftamas priority commented 1 year ago

Which feature have been disabled in this case exactly, without unsafe-inline? If I do not use it in my project, this error log is not a problem. -> Added more information at 2022-12-23 13:45 -> I continued the CSP integration and I realized to the unsafe-inline is mandatory.

r-langevoortlangsoftfdev-com priority commented 11 months ago

I too need a solution for this. I just bought this package for use in my website and now it turns out it is useless to me, because I cannot disable CSP. CSP nowadays has to be strict, and any packages sold on the web should be aware of that. This is simply not acceptable.

Can you pls let me know what I need to do to remove the offending code? So far, I haven't even been able to find the detect-autofill.js file in the zip file.

Kamila Pieńkowska staff commented 11 months ago

I will answer that in the thread you created.

Please insert min. 20 characters.


Hire our experts to build a dedicated project. We'll analyze your business requirements, for free.



Specification of the issue

  • ForumUser: Priority
  • Premium support: Yes
  • Technology: MDB Standard
  • MDB Version: MDB5 6.0.1
  • Device: PC
  • Browser: Firefox
  • OS: Ubuntu Linux
  • Provided sample code: No
  • Provided link: Yes