Hello Community,
Whenever I load a page I see these two errors, and I was hoping to get some insight and a solution. As part of a platform upgrade, the unsafe-inline and unsafe-eval directives are turned off (and I don't want to add them back). I am getting these errors and they are filling up the logs.
First error:
Content Security Policy blocked 'inline'
Cause: Something in your page (like <style> blocks, style="..." attributes, or JavaScript element.style=...) is using inline styles, but your CSP has style-src 'self' only (no 'unsafe-inline' allowed).
Fix:
• Move inline styles into a CSS file.
• If you must keep inline styles, use a CSP nonce or hash instead of 'unsafe-inline'.
• Update CSP like style-src 'self' 'nonce-' and then apply the same nonce to inline styles.
Second error:
Content Security Policy blocked 'wasm-eval'
Cause: Some script or library is trying to use eval() or WebAssembly dynamic compilation (wasm-eval). But your CSP has script-src 'self' only (no 'unsafe-eval' allowed).
• Remove or replace the library that depends on eval or wasm-eval.
• If unavoidable, update CSP with script-src 'self' 'unsafe-eval' (but this reduces security).
Reference
https://success.outsystems.com/documentation/10/managing_the_applications_lifecycle/secure_the_applications/apply_content_security_policy