Generated CSP header has unsafe-hashes inside style-src
#99
Unanswered
lanzosuarez
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi, everyone, any idea why
unsafe-hashesinsidestyle-srcdirective is necessary when usingstrictyInlineStylesandtrustifyStyles: true? Cause if it's for allowing inline styles, according to MDN, the inline style's hash is enough.Thanks for answering my question!
Example:
Content-Security-Policy: style-src 'sha256-ozBpjL6dxO8fsS4u6fwG1dFDACYvpNxYeBA6tzR+FY8='Source:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src
Beta Was this translation helpful? Give feedback.
All reactions