Remove unsafe Content-Security-Policy (CSP) directives for Kendo Controls

1 Answer 20 Views
Button Calendar DropDownList Grid Menu PanelBar TabStrip ToolTip
abdul
Top achievements
Rank 2
Iron
abdul asked on 14 May 2025, 05:32 PM

Hi,

We are using Kendo controls for MVC. There was a security scan done in our application, it capture few of the security issues.

We are able to fix all of the security issues except one.

CWE 829 - The application contains unsafe Content-Security-Policy (CSP) directives that could allow malicious script code to be included on the page.

So, as a result we have removed all the custom inline javascript and css to an external files and refer those external .js and .css files in our .cshtml page.

But when we use any of the Kendo controls like Kendo grid or Kendo calendar then in the runtime it create some inline scripts and we are getting application contains unsafe Content-Security-Policy (CSP) directives.

How to bypass those runtime inline scripts created by Kendo controls so that we don't get unsafe Content-Security-Policy (CSP) directives

during the security scan of the application.

Please let me know if you need any more information on this.

1 Answer, 1 is accepted

Sort by
0
Eyup
Telerik team
answered on 19 May 2025, 03:54 PM

Hi Abdul,

 

Thank you for reaching out.

The Telerik UI for MVC and the Kendo UI for jQuery support CSP compatibility:
https://www.telerik.com/aspnet-mvc/documentation/html-helpers/helper-basics/content-security-policy

To activate it, you can enable the <meta> tag provided in the article above and some changes in Global.asax and web.config files:
https://www.telerik.com/aspnet-mvc/documentation/html-helpers/helper-basics/deferred-initialization#deferring-components-globally

The only error you will see in the console is coming from the Trial message:

Which will go off when you are using the licensed assembly.

Please download and run the sample and let me know if you find this information helpful.

 

Regards,
Eyup
Progress Telerik

Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.

Tags
Button Calendar DropDownList Grid Menu PanelBar TabStrip ToolTip
Asked by
abdul
Top achievements
Rank 2
Iron
Answers by
Eyup
Telerik team
Share this question
or