Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix CSP errors on production website #791

Open
quietbits opened this issue Mar 20, 2024 · 2 comments · Fixed by #884
Open

Fix CSP errors on production website #791

quietbits opened this issue Mar 20, 2024 · 2 comments · Fixed by #884
Assignees
Labels

Comments

@quietbits
Copy link
Contributor

Follow this guide: https://nextjs.org/docs/pages/building-your-application/configuring/content-security-policy

image

@quietbits quietbits added the v2 label Mar 20, 2024
@quietbits quietbits self-assigned this Mar 20, 2024
@quietbits quietbits added this to DevX Mar 20, 2024
@github-project-automation github-project-automation bot moved this to Backlog in DevX Mar 20, 2024
@quietbits quietbits moved this from Backlog to In Progress in DevX Mar 20, 2024
@quietbits quietbits moved this from In Progress to Blocked in DevX Mar 25, 2024
@quietbits
Copy link
Contributor Author

I haven't found a fix for some errors we're still getting in production. I'll keep checking for possible solutions.

@quietbits quietbits moved this from Blocked to Todo in DevX Jun 12, 2024
@quietbits quietbits linked a pull request Jun 18, 2024 that will close this issue
@leighmcculloch
Copy link
Member

Seeing this error at the moment:

Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' https://fonts.googleapis.com 'nonce-M2JhZjY3ZDMtNjQ5Zi00NzJmLWI2ZDUtMDdhOWNkY2IwNjg4'". Either the 'unsafe-inline' keyword, a hash ('sha256-0dn9frA6zMLUxFqgdCnR2jU1JeHtRbwSNg3sWvVb9Bs='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
Status: Blocked
Development

Successfully merging a pull request may close this issue.

2 participants