In our React application, we're integrating the HereMap API. However, due to security concerns, we've avoided using "unsafe-inline" in our Nginx configuration. Instead, we opted for SHA-256 to permit all external URLs. Even after adding the SHA-256 hash to our nginx CSP for "style-src", we're still encountering errors.
Either the 'unsafe-inline' keyword, a hash ('sha256-'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
We have already added sha-256 in our nginx.
In our React application, we're integrating the HereMap API. However, due to security concerns, we've avoided using "unsafe-inline" in our Nginx configuration. Instead, we opted for SHA-256 to permit all external URLs. Even after adding the SHA-256 hash to our nginx CSP for "style-src", we're still encountering errors. Either the 'unsafe-inline' keyword, a hash ('sha256-'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present. We have already added sha-256 in our nginx.