Hi ,
I am testing trail version of v2023.1.117 Kendo UI for jquery. I have upgraded jquery version to the latest .
I am trying to implement CSP header in the web pages using meta tag.
<meta http-equiv="Content-Security-Policy" content="default-src 'self' 'sha256-lzhPGNqxpwmBda/ftMrdga7dSTDWPq2rpjz66R6TVFw=' http://localhost:9000/xxxx/js/lib; script-src 'self' 'sha256-lzhPGNqxpwmBda/ftMrdga7dSTDWPq2rpjz66R6TVFw=' http://localhost:9000/xxxx/js/lib; style-src 'self' 'sha256-lzhPGNqxpwmBda/ftMrdga7dSTDWPq2rpjz66R6TVFw=' http://localhost:9000/xxxx/js/lib;">
I am getting an error , i can't use unsafe tag in the CSP. Any thought what am i missing.
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' 'sha256-lzhPGNqxpwmBda/ftMrdga7dSTDWPq2rpjz66R6TVFw=' http://localhost:9000/recon/js/lib". Either the 'unsafe-inline' keyword, a hash ('sha256-g6wc7vdud1aSmTLcpHjWXR0Wfvqff5mhy00lnnvIu5c='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
Xt @ kendo.all.js:313050
t.attachTo @ kendo.all.js:313050
t.load @ kendo.all.js:313050
i.draw @ kendo.all.js:313050
draw @ kendo.all.js:313050
_redraw @ kendo.all.js:313050
(anonymous) @ kendo.all.js:313050
Re.loadFonts @ kendo.all.js:313050
Re.preloadFonts @ kendo.all.js:313050
init @ kendo.all.js:313050
_createChart @ kendo.all.js:313050
_initChart @ kendo.all.js:313050
_initDataSource @ kendo.all.js:313050
init @ kendo.all.js:313050
(anonymous) @ kendo.all.js:313050
each @ jquery-3.6.3.min.js:2
each @ jquery-3.6.3.min.js:2
t.fn.<computed> @ kendo.all.js:313050
e @ jquery-3.6.3.min.js:2
t @ jquery-3.6.3.min.js:2
Thanks in advance