
https://github.com/spatie/laravel-csp

https://github.com/frontegg/frontegg-vue

I need help.

After I added the Laravel CSP, the Frontegg Vue login page is not working.

Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' https://fonts.googleapis.com 'nonce-loop' 'unsafe-inline' nonce-loop". Note that 'unsafe-inline' is ignored if either a hash or nonce value is present in the source list.

Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' 'nonce-loop' 'unsafe-inline' nonce-loop". Note that 'unsafe-inline' is ignored if either a hash or nonce value is present in the source list.

Please help, how do I fix this issue?

// frontegg
$this->addDirective(Directive::SCRIPT, 'https://assets.frontegg.com');
$this->addDirective(Directive::CONNECT, 'https://frontegg.com');
$this->addDirective(Directive::CONNECT, 'https://app-g6y1wrdhmmrt.frontegg.com');
$this->addDirective(Directive::IMG, 'https://fronteggprodeustorage.blob.core.windows.net');
$this->addDirective(Directive::STYLE, 'unsafe-inline');

Check the screenshot for more info.

2 Answers


  1. Chosen as BEST ANSWER

    After a few days of learning, I am now able to fix this:

    $this->addDirective(Directive::SCRIPT, 'https://*.frontegg.com');
    $this->addDirective(Directive::SCRIPT, 'https://www.gstatic.com');
    $this->addDirective(Directive::SCRIPT, 'https://assets.frontegg.com');
    $this->addDirective(Directive::STYLE, 'https://*.frontegg.com');
    $this->addDirective(Directive::STYLE, 'https://www.gstatic.com');
    $this->addDirective(Directive::CONNECT, 'https://*.frontegg.com');
    $this->addDirective(Directive::IMG, 'https://fronteggprodeustorage.blob.core.windows.net');
    

  2. As the error message and https://www.w3.org/TR/CSP2/#directive-script-src say, if you specify hashes or nonces, you can't specify 'unsafe-inline'. You should remove 'nonce-loop' and nonce-loop from your policy. If you are going to use nonces, they should be random and change with each payload.
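
Added example (not part of either answer, and not code from spatie/laravel-csp or Frontegg): a small JavaScript linter that applies the source-list rule quoted in the error message to the reported `style-src` value. The function name `lintSourceList` and the 22-character threshold (the length of a base64-encoded 128-bit value) are assumptions of this example.

```javascript
// Lints the value of one CSP directive (the part after "style-src").
// Source grammar follows the CSP nonce-source / hash-source definitions.
const NONCE = /^'nonce-([A-Za-z0-9+\/_-]+={0,2})'$/i;
const HASH = /^'sha(256|384|512)-[A-Za-z0-9+\/_-]+={0,2}'$/i;

function lintSourceList(value) {
  const tokens = value.trim().split(/\s+/).filter(Boolean);
  const findings = [];
  const nonces = [];
  let hashes = 0;
  let unsafeInline = false;

  for (const t of tokens) {
    const m = NONCE.exec(t);
    if (m) {
      nonces.push(m[1]);
    } else if (HASH.test(t)) {
      hashes += 1;
    } else if (t.toLowerCase() === "'unsafe-inline'") {
      unsafeInline = true;
    } else if (/^nonce-/i.test(t)) {
      // Without the single quotes the token matches the host-source grammar.
      findings.push(`unquoted ${t}: not a nonce-source, read as a host name`);
    }
  }
  for (const n of nonces) {
    // 16 random bytes encode to 22 base64 characters before padding.
    if (n.replace(/=+$/, "").length < 22) {
      findings.push(`nonce "${n}" is shorter than an encoded 128-bit value`);
    }
  }
  // The rule from the error message: any nonce or hash disables 'unsafe-inline'.
  const ignored = unsafeInline && (nonces.length > 0 || hashes > 0);
  if (ignored) {
    findings.push("'unsafe-inline' is ignored: a nonce or hash is present");
  }
  return { unsafeInlineIgnored: ignored, unsafeInlineEffective: unsafeInline && !ignored, findings };
}

// Constructed inputs: the directive from the first error message, and the
// same list with both nonce tokens removed as the second answer suggests.
const reported = "'self' https://fonts.googleapis.com 'nonce-loop' 'unsafe-inline' nonce-loop";
const withoutNonce = "'self' https://fonts.googleapis.com 'unsafe-inline'";
console.log(lintSourceList(reported));
console.log(lintSourceList(withoutNonce));
```

The reported value yields three findings; the list without the nonce tokens yields none, and `'unsafe-inline'` takes effect again.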
