iMMuNiTy
Reputation: 476
Getting content security policy error while hash is included
I have a problem although i have included (as you can see) the hash for inline style="height:18px" (attribute) i still get csp error (pages are in ghostjs )
Refused to apply inline style because it violates the following Content
Security Policy directive: "style-src 'self' maxcdn.bootstrapcdn.com
fonts.googleapis.com https://intercom.help/_assets
'sha256-HKIQe1rxf7BKTQyeVymEQz4wG30GqXPn7nokufiyhRk='".
Either the 'unsafe-inline' keyword, a hash
('sha256-HKIQe1rxf7BKTQyeVymEQz4wG30GqXPn7nokufiyhRk='), or a nonce ('nonce-...') is
required to enable inline execution.
Upvotes: 0
Views: 489
Answers (1)
iMMuNiTy
Reputation: 476
Content Security Policy whitelist hashes doesn't work for inline style attributes but only for inline styles. Maybe in CSP 3.0 will add this functionality
Works for
<style>
body { colod: red; }
</style>
But DOES NOT work for
<body style="color:red;">
</body>
Upvotes: 1
Related Questions
- Nginx CSP script hash blocked
- why is this content security policy violation telling me to add a hash that already exists?
- Sha hash not respected in CSP style-src
- Why doesn't Chrome respect my Content Security Policy hashes?
- CSP violation with hash
- Content Security Policy hash not recognized by Safari 13.1.2
- Content Security Policy hash not recognized by Safari 11.0.3
- Content Security Policy img-src hash of data url
- Content security policy not working
- 'Unrecognized Content-Security-Policy directive' error when specifying any domain