CSP is throwing error while clicking on Radzen Profile Menu Component

Ganpath_Patel · November 21, 2024, 9:29am

Hi All,

Iam getting content security policy error while clicking on Radzen Profile Component. The error is:
[Report Only] Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.

Even the inspect console is not able to figure out where the javascript code is coming from.

Thanks in Advance.

enchev · November 21, 2024, 9:31am

There are instructions related to CSP in our getting started:

Ganpath_Patel · November 21, 2024, 10:03am

Thank you for your quick reply. But is it safe to add unsafe-inline in content security policy script tag

enchev · November 21, 2024, 10:22am

This is what is required by Raden.Blazor components.

Ganpath_Patel · November 21, 2024, 10:33am

Ok, Thanks for the reply. I was able to resolve this issue for css using sha256 generated from console of chrome. But it doesnt seem possible for javascript as the sha256 is not generated and code is impossible to find.

korchev · November 21, 2024, 10:44am

Code is not impossible to find - everything is in our github repository.