After adding react-diagrams:6.7.0 to my dependencies, Chrome started gives me errors regarding inline-scripts and inline-styles and I had to modify the policy to include some safe hashes coming from the vendors.chunk.js webpack build:
This would be acceptable and CSP compliant but actually it does not work, in fact I still get errors for two styles with the following hashes (reported by Chrome):
'sha256-NerDAUWfwD31YdZHveMrq0GLjsNFMwxLpZl0dPUeCcw='
'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE='
The error still appear even if the hashes are marked as safe in the policy, searching a little bit i've found out that it could be because hashes do not apply to inline event handlers,
Hi, For my React application i'm using a Content-Security-Policy as the following:
After adding react-diagrams:6.7.0 to my dependencies, Chrome started gives me errors regarding inline-scripts and inline-styles and I had to modify the policy to include some safe hashes coming from the vendors.chunk.js webpack build:
This would be acceptable and CSP compliant but actually it does not work, in fact I still get errors for two styles with the following hashes (reported by Chrome): 'sha256-NerDAUWfwD31YdZHveMrq0GLjsNFMwxLpZl0dPUeCcw=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE='
The error still appear even if the hashes are marked as safe in the policy, searching a little bit i've found out that it could be because hashes do not apply to inline event handlers,