jquery.min.js
jd5am opened this issue · 1 comments
Hi there -- I am investigating the use of secure-headers on our site but have hit a problem with regard to enabling CSP.
We see the following:
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: 'nonce-NmY3M2YwOTQ5MmQyOTEyMg==' 'nonce-MzQ5Y2RmNzhhMDdkNTRmMw==' 'nonce-MzBlMzg0YmZhN2MzNjk5Ng==' fonts.gstatic.com ajax.googleapis.com code.jquery.com googletagmanager.com google-analytics.com s3.eu-west-2.amazonaws.com cdnjs.cloudflare.com ajax.googleapis.com maxcdn.bootstrapcdn.com unpkg.com google.com cdn.jsdelivr.net gitcdn.github.io checkout.stripe.com fonts.googleapis.com code.ionicframework.com data:". Note that 'unsafe-inline' is ignored if either a hash or nonce value is present in the source list.
which points to our self-hosted jquery.min.js file.
We do not face any other issues and CSP works fine for other script and styles.
Would appreciate any help or pointers.
Thanks
This is not related to jquery.min.js. The error says 'unsafe-inline' was ignored because you had used nonce in your style-src directive.
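Added example (not part of the issue thread and not secure-headers code): a small model of the rule quoted in the error message, showing that `'unsafe-inline'` stops applying to inline `<style>` elements once a nonce or hash appears in the governing directive. The function names are hypothetical, the sample policies are constructed from a shortened form of the policy above, and hash matching and the `style-src-elem`/`style-src-attr` split are left out.

```javascript
// Parse a serialized policy into a Map of directive name -> source list.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Decide whether an inline <style> element carrying `elementNonce` is allowed.
function inlineStyleVerdict(policy, elementNonce = '') {
  const directives = parsePolicy(policy);
  // style-src falls back to default-src when it is absent.
  const sources = directives.get('style-src') ?? directives.get('default-src');
  if (sources === undefined) return { allowed: true, reason: 'no governing directive' };

  const lower = sources.map((s) => s.toLowerCase());
  // Keyword prefix is case-insensitive; the nonce value itself is case-sensitive.
  const nonces = sources
    .filter((s) => /^'nonce-[A-Za-z0-9+/_-]+={0,2}'$/i.test(s))
    .map((s) => s.slice(7, -1));
  const hasHash = lower.some((s) => /^'sha(256|384|512)-[a-z0-9+/_-]+={0,2}'$/.test(s));
  const hasUnsafeInline = lower.includes("'unsafe-inline'");

  if (elementNonce !== '' && nonces.includes(elementNonce)) {
    return { allowed: true, reason: 'nonce matches' };
  }
  if (hasUnsafeInline && nonces.length === 0 && !hasHash) {
    return { allowed: true, reason: "'unsafe-inline' in effect" };
  }
  if (hasUnsafeInline) {
    return { allowed: false, reason: "'unsafe-inline' ignored: nonce or hash present" };
  }
  return { allowed: false, reason: 'no matching source' };
}

// Constructed sample policies (shortened from the one in the error message).
const WITH_NONCE =
  "default-src 'self'; style-src 'self' 'unsafe-inline' https: 'nonce-NmY3M2YwOTQ5MmQyOTEyMg=='";
const WITHOUT_NONCE = "default-src 'self'; style-src 'self' 'unsafe-inline' https:";
```

With `WITH_NONCE`, an inline style without a nonce attribute is refused, which matches the console message in the report; the same style is accepted under `WITHOUT_NONCE`, or when the element carries the matching nonce.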