https://github.com/spatie/laravel-csp
https://github.com/frontegg/frontegg-vue
I need help.
After I added Laravel CSP, the Frontegg Vue login page is not working.
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src ‘self’ https://fonts.googleapis.com ‘nonce-loop’ ‘unsafe-inline’ nonce-loop". Note that ‘unsafe-inline’ is ignored if either a hash or nonce value is present in the source list.
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src ‘self’ ‘nonce-loop’ ‘unsafe-inline’ nonce-loop". Note that ‘unsafe-inline’ is ignored if either a hash or nonce value is present in the source list.
Please help: how do I fix this issue?
// frontegg
$this->addDirective(Directive::SCRIPT, 'https://assets.frontegg.com');
$this->addDirective(Directive::CONNECT, 'https://frontegg.com');
$this->addDirective(Directive::CONNECT, 'https://app-g6y1wrdhmmrt.frontegg.com');
$this->addDirective(Directive::IMG, 'https://fronteggprodeustorage.blob.core.windows.net');
$this->addDirective(Directive::STYLE, 'unsafe-inline');
2 Answers
After a few days of learning, I am now able to fix this:
As the error message and https://www.w3.org/TR/CSP2/#directive-script-src say, if you specify hashes or nonces, you can’t specify ‘unsafe-inline’. You should remove ‘nonce-loop’ and nonce-loop from your policy. If you are going to use nonces they should be random and change with each payload.
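The checks the answer describes can be run against a policy header before it ships. The following is an added example, not code from the original post, laravel-csp or Frontegg: the function names `parseCsp`, `lintCsp` and `reusedNonces` are hypothetical, and the sample header is rebuilt from the error message above with straight quotes.

```javascript
// Added example: lint one Content-Security-Policy header value for the
// problems discussed above. Function names are hypothetical.
const NONCE = /^'nonce-([A-Za-z0-9+\/_-]+={0,2})'$/;
const HASH = /^'sha(256|384|512)-[A-Za-z0-9+\/_-]+={0,2}'$/;

function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored by the browser; keep the first one.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

function lintCsp(header) {
  const findings = [];
  for (const [name, sources] of parseCsp(header)) {
    const nonces = sources.filter((s) => NONCE.test(s));
    const hashes = sources.filter((s) => HASH.test(s));
    if (sources.includes("'unsafe-inline'") && nonces.length + hashes.length > 0) {
      findings.push(`${name}: 'unsafe-inline' is ignored because a nonce or hash is present`);
    }
    for (const s of sources) {
      // An unquoted keyword-like token is parsed as a host name, not a keyword.
      if (/^(nonce-|sha(256|384|512)-|unsafe-|self$|none$)/.test(s)) {
        findings.push(`${name}: unquoted token ${s} is treated as a host source`);
      }
    }
  }
  return findings;
}

// Nonces that appear in two different responses are static, not per-response.
function reusedNonces(headerA, headerB) {
  const collect = (h) => new Set([...parseCsp(h).values()].flat()
    .filter((s) => NONCE.test(s)));
  const b = collect(headerB);
  return [...collect(headerA)].filter((s) => b.has(s));
}

// Constructed sample: the style-src value from the error message on this page.
const fromPage = "style-src 'self' https://fonts.googleapis.com 'nonce-loop' 'unsafe-inline' nonce-loop";
console.log(lintCsp(fromPage));
console.log(reusedNonces(fromPage, fromPage));
```

Feed `reusedNonces` the headers from two separate page loads; any value it returns is a nonce that did not change between responses.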