Ckeditor is not working with CSP settings enabled where I have removed the Unsafe-inline and Unsafe-Eval from CSP. Is there any script which is causing the issue which I can add to CSP settings or is there any work around for this?
Hi Sudhanshu,
I had the same issue. Did you update CKEditor to the latest version?
Also, I entered the following to get it to work:
script-src:
'unsafe-eval' self
style-src:
'unsafe-inline' self
Do you have the same? Maybe you added the CSP at the wrong input.
Hope this helps.
KR,
David
Typically, when a CSP error occurs, it is displayed in the Service Center. Could you please copy the error message from the Service Center and paste it here?
Additionally, I’m sharing the CSP settings where the error does not occur for reference:
Base-URI:
self
Child-src:
gap:
Connect-src:
Default-src:
Script-src:
After changing your CSP settings, clicking Apply Configurations alone is not sufficient. Please go to your environment and publish all environment solutions to ensure the changes take effect.
Thank you.
I think should check the version of CKEfitor, too. Some versions have vulnerable security