We are currently updating our security, and need to tighten content security policy, blocking the use of script-src 'unsafe-eval' & style-src 'unsafe-inline'. We noticed that Telerik UI for Blazor will not work correctly when these policies are applied, as specified in the docs https://docs.telerik.com/blazor-ui/troubleshooting/csp.
It is mentioned that "Some of the above-listed limitations will be addressed in a future version of Telerik UI for Blazor." Is there a more specific timeline as to when this issue will be solved?
1 Answer, 1 is accepted
0
Hi Bram,
We have such a work item for late 2023, but its status is under consideration, so I can't confirm anything officially.
Regards,
Dimo
Progress Telerik
Stay tuned by visiting our public roadmap and feedback portal pages! Or perhaps, if you are new to our Telerik family, check out our getting started resources!
Ali
commented on 08 Aug 2023, 02:04 PM
Top achievements
Rank 1
Rank 1
Hi,
Awaiting official confirmation for this.
Not sure if you have gotten around this. With 3 days of work I managed to download the source code and modify all the blazor components to embed a NONCE. I then pass this down to all components from my _Host file. I have been waiting for years on this, if they did not provide the source code then I would most likely not have stuck around.