karthikbp21
commented
6 months ago I can see there are 3 places where inline style has been added. Which should have been added using jQuery
Open karthikbp21 opened 6 months ago
karthikbp21
commented
6 months ago I can see there are 3 places where inline style has been added. Which should have been added using jQuery
Summarize your issue here.
Steps to reproduce
Tell us how to reproduce this issue.
I have used the jquery chosen plugin in the ruby on rails application.
Now we have added Content Security Policy with this configuration config.content_security_policy do |policy| policy.default_src :self, :https policy.font_src :self, :https, :data policy.img_src :self, :https, :data policy.object_src :none policy.script_src :self, :https policy.style_src :self, :https end
The Ui is messed up ,
4 . I am getting this error in browser console - Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'nonce-tJPRxlo7t/U4c74xGxAN1A=='". Either the 'unsafe-inline' keyword, a hash ('sha256-swWWFBTKQXm0oEF+bI6rqAGSUMQOxhhlwCWaO9mM1w0='), or a nonce ('nonce-...') is required to enable inline execution.
Additionally, please link to a working demo that shows the issue so we can attempt to reproduce. You can use this template as a base. Alternatively, confirm that the Chosen demo page shows the issue.
Expected behavior
It should work normal even CSP is switched on
Actual behavior
The inline styles are not getting added to the element
Environment
Chosen Version:
v1.8.7
jQuery or Prototype Version:
Jquery
Browser and Version:
Chrome lany version is fine
OS and Version:
Additional information
Any other information you want to share that is relevant to the issue being reported. This might include the lines of code that you have identified as causing the bug, or potential solutions and workarounds.