UseActionState CSP errors | RedwoodSDK | Page 1

sinful locust Apr 19, 2025, 5:01 PM

#

I’m running into CSP (Content Security Policy) errors in my RedwoodSDK app when handling form submissions. The error happens if I use useActionState to submit a form. I guess that the nonce is not attached to the inline scripts that this hook could create.

dependencies": {
    "@redwoodjs/sdk": "0.0.60",
    "react": "19.1.0",
    "react-dom": "19.1.0",
  }

Refused to run the JavaScript URL because it violates the following Content Security Policy directive: "script-src 'self' 'nonce-MTMyODY4NDI0OTc2MTg5MTk4MjMyMjcxMjc2NzMyODUxOTkyMzM1NA==' <URL>". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.

#

I bump the "@redwoodjs/sdk": "0.0.60", to 0.0.65 and it works!

blissful mantle Apr 20, 2025, 5:51 AM

#

Very weird, we'll try to reproduce, @twilit sleet

twilit sleet Apr 20, 2025, 6:04 AM

#

blissful mantle Very weird, we'll try to reproduce, <@927464430399291392>

Sounds like it's working now though - or do you mean looking into it even still @peterp?

blissful mantle Apr 20, 2025, 6:05 AM

#

Oh, sorry, I did not read the rest of the text.

twilit sleet Apr 20, 2025, 6:05 AM

#

I think it's that we are now giving react the nonce during SSR. Glad it working @sinful locust 🙂

#UseActionState CSP errors