ankane / chartkick

Create beautiful JavaScript charts with one line of Ruby
https://chartkick.com
MIT License
6.33k stars 565 forks

Chart #592

Closed berti92 closed 2 years ago

berti92 commented 2 years ago

If you set policy.script_src :self, :https in the config/content_security_policy.rb, then it's not possible to use this gem. Chrome will raise an error in the console:

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https:". Either the 'unsafe-inline' keyword, a hash ('XXXXXXXXXX'), or a nonce ('nonce-...') is required to enable inline execution.

Is this known, and will you fix it, or do I need to change some settings in the gem?

Thank you very much :)

ankane commented 2 years ago

Hey @berti92, check out the docs for how to configure CSP.
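
The Chrome error quoted in the issue names three things that permit an inline script: `'unsafe-inline'`, a hash, or a nonce. The Ruby sketch below is an added example, not part of the thread and not chartkick's code. It is a simplified model of that check (sha256 hashes only), and the inline script body and every policy other than the reported one are constructed for illustration.

```ruby
require "digest"
require "base64"

# Parse a CSP header value into { directive_name => [source expressions] }.
def parse_csp(header)
  header.split(";").map(&:strip).reject(&:empty?).to_h do |directive|
    name, *sources = directive.split(/\s+/)
    [name.downcase, sources]
  end
end

# CSP hash-source for an inline script body, e.g. 'sha256-<base64 digest>'.
def script_hash_source(body)
  "'sha256-#{Base64.strict_encode64(Digest::SHA256.digest(body))}'"
end

# Simplified model: may an inline <script> with this body (and optional
# nonce attribute) execute under the given policy?
def inline_script_allowed?(header, body, nonce: nil)
  policy  = parse_csp(header)
  sources = policy["script-src"] || policy["default-src"]
  return true if sources.nil? # no directive governs scripts

  nonces = sources.grep(/\A'nonce-/)
  hashes = sources.grep(/\A'sha(256|384|512)-/)
  return true if nonce && nonces.include?("'nonce-#{nonce}'")
  return true if hashes.include?(script_hash_source(body))

  # 'self' and scheme sources such as https: never match inline code.
  # 'unsafe-inline' is ignored once any nonce or hash source is present.
  nonces.empty? && hashes.empty? && sources.include?("'unsafe-inline'")
end

# Constructed inline script body standing in for the chart initializer.
INLINE   = "new Chartkick.LineChart('chart-1', {});"
# Policy produced by `policy.script_src :self, :https` (from the issue).
REPORTED = "script-src 'self' https:"

if __FILE__ == $PROGRAM_NAME
  puts "reported policy allows inline: #{inline_script_allowed?(REPORTED, INLINE)}"
  puts "hash source to allow this exact body: #{script_hash_source(INLINE)}"
end
```

A per-response nonce or a hash keeps the rest of the policy strict, whereas `'unsafe-inline'` re-enables every inline script on the page, including injected ones.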