0

I want to deploy a Nuxt application but I have a problem with CSP. I added all the SHA-256 hashes to my CSP but some lines are still blocked. I think it's the lines with :style="". What would be the solution? Is it really risky to add an "unsafe-inline"?

Everything works if I add "unsafe-inline" but I'm not sure that's great for site security. I should also mention that all my other headers are well configured.

Kor

1 Answer

0

If you add hashes for event attributes such as onclick, onerror, etc., it won't work. You can make it work if the browser has implemented full support for 'unsafe-hashes', but there are likely still a lot of users who are not at that level. Otherwise you'll need to rewrite the event attributes to event listeners if you don't want to add 'unsafe-inline'.

Halvor Sakshaug
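The rule the answer describes, as an added example that is not part of the original answer: a simplified Node.js model of how CSP Level 3 matches inline content against a source list, showing that a hash covers a `<style>` or `<script>` element body but not a `style=""` or `onclick=""` attribute unless 'unsafe-hashes' is also listed. The function names `cspHash` and `inlineAllowed` and the sample attribute values are assumptions made for illustration, and nonce matching is not modelled.

```javascript
const crypto = require("crypto");

// Build the hash-source expression for an inline body or attribute value.
function cspHash(source, algo = "sha256") {
  const digest = crypto.createHash(algo).update(source, "utf8").digest("base64");
  return `'${algo}-${digest}'`;
}

const HASH_RE = /^'(sha256|sha384|sha512)-[A-Za-z0-9+\/]+={0,2}'$/;
const NONCE_RE = /^'nonce-[A-Za-z0-9+\/_-]+={0,2}'$/;

// type: "script" | "style" for element bodies,
//       "script attribute" | "style attribute" for onclick="..." / style="...".
// sourceList: the source expressions of the directive that governs `type`.
function inlineAllowed(sourceList, type, source) {
  const list = sourceList.map((e) => e.trim());
  const keywords = list.map((e) => e.toLowerCase());
  const hasHashOrNonce = list.some((e) => HASH_RE.test(e) || NONCE_RE.test(e));
  const strictDynamic = type.startsWith("script") && keywords.includes("'strict-dynamic'");
  // 'unsafe-inline' is ignored as soon as a hash or nonce source is listed.
  if (keywords.includes("'unsafe-inline'") && !hasHashOrNonce && !strictDynamic) {
    return true;
  }
  // A hash covers an attribute only when 'unsafe-hashes' is listed as well.
  if (type.endsWith("attribute") && !keywords.includes("'unsafe-hashes'")) {
    return false;
  }
  return list.some((e) => {
    const m = HASH_RE.exec(e);
    return m !== null && cspHash(source, m[1]) === e;
  });
}

// Constructed sample values, not taken from the question's application.
function demo() {
  const styleValue = "color:red;"; // value of a rendered style="" attribute
  const handler = "track()"; // value of an onclick="" attribute
  const hashOnly = ["'self'", cspHash(styleValue), cspHash(handler)];
  const withUnsafeHashes = [...hashOnly, "'unsafe-hashes'"];
  return {
    styleElementHashOnly: inlineAllowed(hashOnly, "style", styleValue),
    styleAttrHashOnly: inlineAllowed(hashOnly, "style attribute", styleValue),
    onclickHashOnly: inlineAllowed(hashOnly, "script attribute", handler),
    styleAttrUnsafeHashes: inlineAllowed(withUnsafeHashes, "style attribute", styleValue),
    onclickUnsafeHashes: inlineAllowed(withUnsafeHashes, "script attribute", handler),
  };
}

console.log(demo());
```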