Cannot Update Content Security Policy #773
Comments
|
The CSP is located in the index.html page, you'll want to remove them from there directly. If you build/deploy from webpack after making those changes it should get pushed out to your implementation of the web ui. |
|
We have already updated the CSP successfully, but we are unable to load our application without unsafe-inline/unsafe-eval. Do you have any guidance on what needs to be included in our CSP if we need to remove unsafe-inline/unsafe-eval? We have already included our needed domain. |
|
The VueJS requires the unsafe-eval to function (it appears the runtime version - vue.runtime.global.prod.min.js - is fully CSP compatible but I was never able to get that to work properly, we use the vue.global.prod.min.js). Vuetify used to required unsafe-inline but it appears you can use a nonce now, I will look into doing that for the next release so we can remove unsafe-inline. |
Hi,
I am currently trying to update the content security policy to not include unsafe-inline or unsafe-eval. I have included necessary domains in the CSP but it is not working as expected. Is there a standard process for updating CSP for lex-web-ui and can you give us some insight on how to remove unsafe-inline and unsafe-eval when running/deploying the application with webpack?
Thanks!
The text was updated successfully, but these errors were encountered: