-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Better CSP support #677
Comments
As a workaround, you can inject a CSP nonce into the This can be done in: \Views\Partials\Forms\Themes\default\Script.cshtml (line 54):
This will ensure that any scripts injected by Umbraco.Forms have been whitelisted. |
This was first requested in 2016 and shut down when I requested it again (#16). Umbraco is normally so good at being secure by default. It would be really helpful to see these inline scripts finally moved into separate .js files by default. |
We've converted the instances of inline scripts into referenced files now, will be available in 8.11.0 and 9.3.0. |
Right now some of the theme files use inline scripts, this is not compatible with blocking inline scripts in CSP policy.
The text was updated successfully, but these errors were encountered: