Replies: 1 comment
-
|
@Inzendis this has now been patched in version |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Anyone has gone through this? If I enable inline script then it works, if not then it doesn't and I can see in the client console that something is being blocked. I don't have external scripts or cdn, im just using SVGs and Framer Motion.
If it helps:
"Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash (''), or a nonce ('nonce-...') is required to enable inline execution."
On line 1
Clearly I can put 'unsafe-inline' but wouldnt enable scripts that are not mine? Im very new to this so thats why I'm a bit clueless.
const cspHeader = frame-ancestors 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' .replace(/\n/g, "") .trim(); const response = NextResponse.next(); response.headers.set("Content-Security-Policy", cspHeader);Beta Was this translation helpful? Give feedback.
All reactions