-
Notifications
You must be signed in to change notification settings - Fork 842
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Check #1139 flag #1620
Comments
@krausest Hello! I will try to fix this issue as soon as possible. Tell me, please, until this is fixed, do I need to manually add such a line to package.json? |
This week I will then make a PR adding a line about this issue. I would have added earlier, I just didn’t know about it. Sorry. 😕 |
No problem, I failed to check the CSP regularly. I added the flag for all frameworks where needed. |
OK. Then, as I understand it, I will not load a separate pr with the addition of this flag for now. In general, in any case, the problem with CSP is clear. I will then make corrections on this topic to make the framework safer for users. |
Yes. If you have the corrections ready you can remove the 1139 flag in package.json in the PR. |
Okay |
The check if an implementation works with a content security policy hasn't been run regularly.
The following frameworks fail with CSP and currently haven't flag #1139 set with the following error "Refused to apply inline style because it violates the following Content Security Policy directive" (due to 'style-src-elem'). Can you please check if you can remove that inline styling?
In contrast to the other CSP violations in this case the page works fine, so it could be fixable (or maybe ignorable on my side?).
The following frameworks fail with CSP and currently haven't flag #1139 set with the following error "Refused to execute inline script".
I'll perform some additional checks and then add the #1139 to package.json for those frameworks.
The text was updated successfully, but these errors were encountered: