Missing CSP directives #96

sorentwo · 2024-06-21T17:06:00Z

The plug I am using to generate the nonce is PlugContentSecurityPolicy and the Oban Dashboard is configured to use the nonce via the csp_nonce_assign_key parameter.

https://gist.github.com/lolo-frank/f09289b0b2e70968fc5dd26179a5542c

When the dashboard is loaded with those settings, the only CSP error I haven't been able to resolve is:

Content-Security-Policy: The page’s settings blocked an inline style (style-src-attr) from being applied because it violates the following directive: “style-src 'nonce-Ltl0dBiQ25iOZ0han7gV8x723Mf2j0FZcWb7Z1e1Zq0' 'self'”

The nonce is set, but the error persists, I've included a screenshot of the FF dev tools below.

Is this a bug or a configuration issue on my end?

The text was updated successfully, but these errors were encountered:

fastjames · 2025-04-09T15:05:54Z

I think this issue is mostly solved, but I did find a few remaining inline styles. I opened a PR to replace them with classes here:

#117

sorentwo · 2025-04-09T17:38:22Z

@fastjames Is there anything else remaining now that those inline styles were removed?

sorentwo · 2025-04-10T12:34:19Z

Closing this under the assumption that last set of style changes closed it out. We'll track any other issues separately.

sorentwo added the kind:bug Something isn't working label Jun 21, 2024

sorentwo added this to the v2.11 milestone Jun 21, 2024

sorentwo closed this as completed Apr 10, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Missing CSP directives #96

Missing CSP directives #96

Missing CSP directives #96

Missing CSP directives #96

Comments