Solairaj S
Reputation: 1
Strict CSP(Content-Security Policy) with nonce method not working Angular V18.1 Build Chunk files
I tried all the prod configuration in angular files also. it's not working:
"optimization": true,
"sourceMap": false,
"outputHashing": "all",
"namedChunks":false
solution with strict csp policy without applying the inline
I'm Working as a full stack of Angular + django stack
As per VA they are recommending to implement a strict CSP Policy.
The below policy is blocking that angular build files
CSP_DEFAULT_SRC = ("'self'",)
CSP_SCRIPT_SRC = ("'self'","'nonce-rAnd0m'")
CSP_STYLE_SRC = ("'self'","'nonce-rAnd0m'",)
CSP_PRELOAD_SRC = ("'self'","'nonce-rAnd0m'")
CSP_IMG_SRC = ("'self'", "data:")
CSP_FONT_SRC = ("'self'",)
This error is showing
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' 'nonce-rAnd0m'". Either the 'unsafe-inline' keyword, a hash ('sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='), or a nonce ('nonce-...') is required to enable inline execution.
Upvotes: 0
Views: 30
Answers (0)
Related Questions
- reCAPTCHA with Content Security Policy
- content security policy for svg with inline style
- Content Security Policy "data" not working for base64 Images in Chrome 28
- Jenkins Content Security Policy
- Refused to load the script because it violates the following Content Security Policy directive
- Laravel CSP (content security policy) frontegg ui integrate issue
- Working on CSP headers, seeing console browser as Refused to execute inline script because it violates the following Content Security Policy directive
- Angular 5 & ASP.Net Core with (CSP) Content Security Policy