we are working to fix the issue with Kendo-CSP for ASP.Net MVC with jQuery Kendo UI. In our application currently, we are using Kendo grids, dropdowns, and popups.
Initially, we have implemented the below changes for CSP.
- Update to jQuery 3.6.4
- Generated the Dynamic nonce numbers and applied nonce for inline scripts
- Ajax calls replaces with Jquery get/post methods.
- Removed all styles and replaced them with bootstrap classes.
- Onclik and Onchanges events replace with javascript addevent listeners.
- added the Unsafe prefix in the configuration (waiting for the Kendo 2023 R1 version)
Recently we got a new version of Telerik R1 2023, Replaced the below files for Upgrade.
- Kendo.mvc.dll
- kendo.aspnetmvc.js
- kendo.all.min.js
we tried with new changes of kendo, without Unsafe prefix but it's throwing dynamic script errors, kendo controles not working. Our assumption is there are dynamic inline script Generations for Kendo controls which not contains nonce which may cause an issue.
We also tried with Deferred-Script but no use.
we are facing console issues related to Style and Scripts. Help me out.
Thanks.