creativetimofficial / ct-material-dashboard-pro

Material Dashboard Pro - Premium Bootstrap 5 Admin
https://demos.creative-tim.com/material-dashboard-pro/pages/dashboards/analytics

CSP violation with sidebar-background append #244

Closed jtallinger closed 5 years ago

jtallinger commented 5 years ago

Hi,

[Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' 'nonce-...'". Either the 'unsafe-inline' keyword, a hash ('sha256-...='), or a nonce ('nonce-...') is required to enable inline execution.

Caused by $sidebar.append in material-dashboard.js (2.1.0):

checkSidebarImage: function() {
    $sidebar = $('.sidebar');
    image_src = $sidebar.data('image');

    if (image_src !== undefined) {
      sidebar_container = '<div class="sidebar-background" style="background-image: url(' + image_src + ') "/>';
      $sidebar.append(sidebar_container);
    }
  }

My workaround, add sidebar-background div in standard layout:

<div class="sidebar-wrapper">
    ...
    <div class="sidebar-background"></div>
</div>

Change function to:

checkSidebarImage: function() {
    $sidebar = $('.sidebar');
    image_src = $sidebar.data('image');

    if (image_src !== undefined) {
      $('.sidebar-background').css("background-image", "url(" + image_src + ")");
    }
  }

groovemen commented 5 years ago

Hello @jtallinger,

Thank you for using our products and for your feedback. I will talk with the team and we will integrate your solution into the next update.

Please let us know if we can help you with anything else.

All the best,
Stefan
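
Why the workaround in the first comment clears the report, as an added example that is not part of the original thread or the project's code: a simplified Node.js model of the CSP Level 3 inline-style check, run on the `style` attribute the original `append` builds. The policy string, the `EXAMPLE` nonce and the image path are constructed, and `styleSrc`, `inlineStyleAllowed` and `demo` are hypothetical names.

```javascript
const { createHash } = require("crypto");

// Return the style-src source list of a policy string, or null if absent.
function styleSrc(policy) {
  for (const directive of policy.split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "style-src") return sources;
  }
  return null; // the default-src fallback is not modelled here
}

// kind: "style" (a <style> element) or "style-attribute" (style="..." in markup).
function inlineStyleAllowed(policy, kind, css, nonce) {
  const sources = styleSrc(policy);
  if (sources === null) return true;
  const has = (kw) => sources.some((s) => s.toLowerCase() === kw);
  const isNonce = (s) => /^'nonce-.+'$/.test(s);
  const isHash = (s) => /^'sha(256|384|512)-.+'$/.test(s);
  // 'unsafe-inline' is ignored once the list carries a nonce or a hash.
  const strict = sources.some((s) => isNonce(s) || isHash(s));
  if (!strict && has("'unsafe-inline'")) return true;
  // A nonce can only vouch for a <style> element, never for an attribute.
  if (kind === "style" && nonce && sources.includes(`'nonce-${nonce}'`)) return true;
  // Hashes cover attributes only when 'unsafe-hashes' is also present.
  if (kind !== "style" && !has("'unsafe-hashes'")) return false;
  return sources.filter(isHash).some((s) => {
    const dash = s.indexOf("-");
    const digest = createHash(s.slice(1, dash)).update(css, "utf8").digest("base64");
    return digest === s.slice(dash + 1, -1);
  });
}

// Constructed inputs: placeholder nonce and a hypothetical data-image path.
const POLICY = "style-src 'self' 'nonce-EXAMPLE'";
const ATTR = "background-image: url(/img/sidebar.jpg) "; // as built by the original append

function demo() {
  const h = createHash("sha256").update(ATTR, "utf8").digest("base64");
  const attr = (policy) => inlineStyleAllowed(policy, "style-attribute", ATTR);
  return {
    attribute: attr(POLICY),
    styleElementWithNonce: inlineStyleAllowed(POLICY, "style", ".sidebar-background{}", "EXAMPLE"),
    unsafeInlineBesideNonce: attr(POLICY + " 'unsafe-inline'"),
    hashAlone: attr(`style-src 'self' 'sha256-${h}'`),
    hashWithUnsafeHashes: attr(`style-src 'self' 'unsafe-hashes' 'sha256-${h}'`),
  };
}

console.log(demo());
```

Assigning the property through jQuery's `.css()` writes to the element's `style` object instead of parsing a `style` attribute, so it never reaches this check.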