We are using high level API in MVC application. We found that while sending assertion there is a dom inline script in the page which submit the form causing violation of Content Security Policy (CSP).
Is there any option to overcome this issue? We will not prefer to use ‘unsafe-inline’ script directive.
Component Space version : 2.5.0.16
Thanks in advance.
Jagath
Hi Jagath
Better support for CSP was added in v3.1.0.
The best option would be to upgrade to this version. Please email sales@componentspace.com.
Alternatively, you can replace the default HTML template and JavaScript that’s used to support the HTTP-Post binding.
This can be done through the HTTPPostBinding.HTMLFormTemplate property.
You then have the option to identify the JavaScript by nonce or hash and include it in your policy.
Alternatively, you could remove the inline JavaScript entirely to a separate JavaScript file served from your site.
More details about CSP support in the current release may be found in the “Content-Security-Policy Header Support” section of the Developer Guide.
https://componentspace.com/Forums/8231/Developer-Guide
[quote][/quote]
Hi Jagath
Better support for CSP was added in v3.1.0.
The best option would be to upgrade to this version. Please email sales@componentspace.com.
Alternatively, you can replace the default HTML template and JavaScript that's used to support the HTTP-Post binding.
This can be done through the HTTPPostBinding.HTMLFormTemplate property.
You then have the option to identify the JavaScript by nonce or hash and include it in your policy.
Alternatively, you could remove the inline JavaScript entirely to a separate JavaScript file served from your site.
More details about CSP support in the current release may be found in the "Content-Security-Policy Header Support" section of the Developer Guide.
https://componentspace.com/Forums/8231/Developer-Guide
Better support for CSP was added in v3.1.0.
The best option would be to upgrade to this version. Please email sales@componentspace.com.
Alternatively, you can replace the default HTML template and JavaScript that's used to support the HTTP-Post binding.
This can be done through the HTTPPostBinding.HTMLFormTemplate property.
You then have the option to identify the JavaScript by nonce or hash and include it in your policy.
Alternatively, you could remove the inline JavaScript entirely to a separate JavaScript file served from your site.
More details about CSP support in the current release may be found in the "Content-Security-Policy Header Support" section of the Developer Guide.
https://componentspace.com/Forums/8231/Developer-Guide
Thanks for the quick response.
Jagath
You’re welcome.