maige-app[bot]
commented
10 months ago Thank you for reporting this issue. We have labeled it accordingly and our team will look into it. If you have any additional information or steps to reproduce the problem, please provide them to assist in resolving the issue more efficiently.
By Maige. How's my driving?
Found a bug? Please fill out the sections below. 👍
Issue Summary
When viewing any booking page on cal.com, i.e https://cal.com/username/event-name
There is an error in console log: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'nonce-[NONCE-REDACTED]==' 'strict-dynamic' 'self' 'unsafe-inline' https:". Note that 'unsafe-inline' is ignored if either a hash or nonce value is present in the source list.
The form itself still seems to work but when embedding the booking forms using the embed code provided you get the same issue on where the code is embedded and it causes issues like lag with going forward and back across pages.
Steps to Reproduce
Any other relevant information. For example, why do you consider this a bug and what did you expect to happen instead?
Actual Results
Embedding any booking calendar causes website issues and lag going forward and back in browser, makes it unusable
Expected Results
Embed a booking calendar on website without any security console logs or it causing any issues with navigation.
Technical details
Browsers tested: Latest Chrome Windows 11 Latest Edge Windows 11
Console log error: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'nonce-[NONCE-REDACTED]==' 'strict-dynamic' 'self' 'unsafe-inline' https:". Note that 'unsafe-inline' is ignored if either a hash or nonce value is present in the source list.
Evidence
Tried all methods of embedding, all result in same error, even page hosted on cal.com has same console error.
CAL-2952