Refused to apply inline style because it violates the following Content Security Policy
I was trying to use inline styling, but suddenly the console is giving this error and ain't letting me do one important task.
each review in tour.reviews
.mc_reviews
.mcr_top
.mcrt_left
.mcrtl_pic
.mcrtlp_container
img(src=`images/users/${review.user.photo}`)
.mcrtl_name= `${review.user.name}`
.mcrt_mid
.mcrt_right
img(src='/images/star.png')
img(src='/images/star.png')
img(src='/images/star.png')
img(src='/images/star.png')
img(src='/images/star.png')
.mcrtr_overlay(style={'width': `${(review.rating)*20}%`})
.mcr_bottom= `"${review.review}"`
The above is a pug template where you can easily spot the inline content.
The inline style will help me color the stars based on rating of each reviewer.
Now that the issue is disturbing me!
I already have used the below code which I got from another post on stack overflow:
app.use(
helmet.contentSecurityPolicy({
directives: {
defaultSrc: ["'self'", 'data:', 'blob:'],
fontSrc: ["'self'", 'https:', 'data:'],
scriptSrc: ["'self'", 'unsafe-inline'],
scriptSrc: ["'self'", 'https://*.cloudflare.com'],
scriptSrcElem: ["'self'",'https:', 'https://*.cloudflare.com'],
styleSrc: ["'self'", 'https:', 'unsafe-inline'],
connectSrc: ["'self'", 'data', 'https://*.cloudflare.com']
},
})
);
I have also gone through many similar solutions, but none of them is working.
Please help!!!
Solution
The problem is that you are inserting inline style attributes. You have multiple options in security preferred order:
- Rewrite the code to add css class names instead of modifying style.
- Add the hash values corresponding to the 5 star ratings. The must be added with single quotes in the policy along with 'unsafe-hashes'.
- Add single quotes to unsafe-inline as "'unsafe-inline'" in your code. You're currently adding the source unsafe-inline, which is treated as a host-source not a keyword.
- Is it possible to pull css values with HTA javascript?
- Unable to make the animation function in Tailwind CSS
- CSS selector for first element with class
- Using margin:auto to vertically-align <div>
- how to change angular stepper progress color when next step active
- How to get the grid coordinates of an element using JavaScript?
- How to stop dark mode at inline css?
- Unable to make text bold in SVG
- Extend "grid-lines" beyond a CSS grid
- Show hide divs on click in HTML and CSS without jQuery
- input type color default color input as HEX
- Enable content on row hover in Blazor wasm
- Can't vertical scroll page on mobile devices with full width PrimeNg carousel
- Using custom HTML Tags
- Why is ccsnano messing up the css of bootstrap styles in gulp builder?
- Giving wrapped flexbox items vertical spacing
- force element to display outside of overflow:hidden
- How do I make the text that is inside a half capsule shape?
- Capsule shape using border-radius without a set width or height?
- Using css how so I create a pill shape which is circular on one side and angled on the other?
- How to make a pill shape button with HTML and CSS?
- Modal fixed position content shift
- Change text with a CSS3 animation?
- Changing the Style of a specific element by Checkbox:Checked
- slideDown jumps abruptly at the end
- Why doesn't CSS nesting appended nesting selector work within pseudoselectors?
- How to show empty date picker in Material UI- REACT?
- Formatting a nested table in HTML
- How can I center text (horizontally and vertically) inside a div block?
- How to use CSS files with <s:head> tag in Struts 2?