Kendo UI is breaking when using strict content-security-policy

1 Answer 37 Views
Grid Security
Top achievements
Rank 1
raju asked on 17 Dec 2021, 06:36 PM | edited on 18 Dec 2021, 05:41 AM


We are using the Content-Security-Policy in our ASP.NET MVC application and also using the Kendo UI controls.

Here are the details of the Content-Security-Policy:


  <add name="Content-Security-Policy" value="default-src https:;
object-src 'none';
script-src 'self' 'unsafe-eval' 'nonce-03148CFC65E74341814490514E0CEDD8';
style-src 'self' 'unsafe-inline';
img-src 'self' data:;
font-src 'self';
connect-src 'self';
form-action 'self';"></add>

The application is running as expected until we remove the "unsafe-eval" from the "script-src" and the web page is throwing the below error:




Please help us out.

Thanks & Regards

Raju Chauhan

1 Answer, 1 is accepted

Sort by
Anton Mironov
Telerik team
answered on 22 Dec 2021, 01:56 PM

Hi Raju,

Thank you for the code snippet, image, links, and details provided.

As in the first link and the following as well(in the last part) is pointed, the "unsafe-eval" is needed for the Content Security Policy.

I hope this information helps.

Kind Regards,
Anton Mironov
Progress Telerik

Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at

Grid Security
Asked by
Top achievements
Rank 1
Answers by
Anton Mironov
Telerik team
Share this question