Reputation: 1228
Laravel CSP how to allow inline styles in Laravel Mix Webpack
I am using the spatie/laravel-csp package to set CSP headers in a Laravel application. But the inline style could not be applied and refused with the following error.
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self.' 'nonce-TjpZGox5zGathTvJDeVMfxzHaOtWMc7v' 'unsafe-inline'".
Further detail.
- I am using Laravel 7.
- /spatie/laravel-csp 2.8
- "laravel-mix": "^5.0.1",
- and inertia with Vue 2
What I have tried so far.
- specify webpack_nonce @ entry file (main.js) webpack documentation
- Using inline scripts and styles as in spatie/laravel-csp documentation
Upvotes: 0
Views: 1536
Answers (2)
Reputation: 151
If you are using Laravel try specifying your webpack_nonce in the index.php file.
Upvotes: 0
Reputation: 2165
You can also do your CSP for styles by adding style-src 'self' 'unsafe-inline';
In your manifest file add this line :
"content_security_policy": "default-src 'self' style-src 'self' 'unsafe-inline';"
This will allow you to keep using the inline style in your extension.
Note: This is not recommended way to do style tag inline to prevent attacks.
Upvotes: -1
Related Questions
- Laravel Mix does not emit css
- Laravel 5.4 Webpack Mix - merge SCSS and CSS
- how to compile plain CSS with webpack.mix.js
- Compiling multiple CSS into ONE CSS with Laravel MIX
- Autoprefixer in laravel mix
- Laravel Mix Not Combining Styles
- Laravel Mix - prepend formatted comments to compiled css output
- How to avoid Laravel Mix overriding app.css
- Laravel Mix 4.0 can't combine global mix css with local file css
- How to Minify CSS with Laravel Mix