I have the below code in my xyz.js file:

    init : function() {
        if (!this.iframe) {
            this.iframe = document.createElement("iframe");
            this.iframe.src = "javascript:false;";
            document.body.appendChild(this.iframe);
        }
    }
I have updated the code from unsafe-inline to nonce.
In the above code I am calling document.body.appendChild(this.iframe); and getting the below error:
1683098036010:402 Refused to run the JavaScript URL because it violates the following Content Security Policy directive: "script-src 'self' 'nonce-EDNnf03nceIOfn39fn3e9h3sdfa' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present
I have tried to add the nonce as below, but it's not working:

    this.iframe.nonce = "EDNnf03nceIOfn39fn3e9h3sdfa";
    this.iframe.script='nonce="EDNnf03nceIOfn39fn3e9h3sdfa"';
    this.iframe.script.nonce="EDNnf03nceIOfn39fn3e9h3sdfa";
    this.iframe.setAttribute('nonce', "EDNnf03nceIOfn39fn3e9h3sdfa");
In the code I have set this.iframe.src = "javascript:false;"; so this should not throw that error.
Can anyone please provide an update on this?
The issue is in this.iframe.src = "javascript:false;";
I have updated this line to this.iframe.src = "about:blank;";
For more, please refer to "iframe without an src attribute".
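
Why the nonce attempts in the question have no effect, as an added example that is not part of the original posts: a simplified model of the CSP Level 3 inline check for script-src, run against the policy from the error message. The function names are hypothetical, and hash sources with 'unsafe-hashes' are not modelled.

```javascript
// Added example: simplified model of the CSP Level 3 inline check for script-src.
// Function names are hypothetical; hash sources and 'unsafe-hashes' are not modelled.

// 'unsafe-inline' is ignored as soon as the list contains a nonce, a hash or 'strict-dynamic'.
function allowsAllInline(sources) {
  let unsafeInline = false;
  for (const s of sources) {
    if (/^'(nonce|sha256|sha384|sha512)-/i.test(s)) return false;
    if (/^'strict-dynamic'$/i.test(s)) return false;
    if (/^'unsafe-inline'$/i.test(s)) unsafeInline = true;
  }
  return unsafeInline;
}

// type is "script" for an inline <script> element, "navigation" for a javascript: URL.
function inlineAllowed(scriptSrc, type, elementNonce) {
  const sources = scriptSrc.trim().split(/\s+/);
  if (allowsAllInline(sources)) return true;
  // Nonces are compared only for script elements (nonce values are case-sensitive).
  // A javascript: URL is checked as a navigation, so a nonce attribute on the
  // <iframe> that carries the URL is never consulted.
  if (type === "script" && elementNonce) {
    return sources.includes(`'nonce-${elementNonce}'`);
  }
  return false;
}

// The script-src value from the error message in the question.
const POLICY = "'self' 'nonce-EDNnf03nceIOfn39fn3e9h3sdfa' 'unsafe-eval'";
const NONCE = "EDNnf03nceIOfn39fn3e9h3sdfa";

console.log("nonced inline <script>:", inlineAllowed(POLICY, "script", NONCE));
console.log("iframe src=javascript:false with nonce attribute:",
  inlineAllowed(POLICY, "navigation", NONCE));
console.log("same navigation under 'self' 'unsafe-inline':",
  inlineAllowed("'self' 'unsafe-inline'", "navigation"));
```

An iframe left without a src attribute runs no script when it is appended, so this check never comes into play.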