Generated CSP header has unsafe-hashes inside style-src
#99
Unanswered
lanzosuarez
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi, everyone, any idea why
unsafe-hashesinsidestyle-srcdirective is necessary when usingstrictyInlineStylesandtrustifyStyles: true? Cause if it's for allowing inline styles, according to MDN, the inline style's hash is enough.Thanks for answering my question!
Example:
Content-Security-Policy: style-src 'sha256-ozBpjL6dxO8fsS4u6fwG1dFDACYvpNxYeBA6tzR+FY8='Source:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src
Beta Was this translation helpful? Give feedback.
All reactions