#Auto CSP Error

3 messages · Page 1 of 1 (latest)

manic forum
# 
Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'strict-dynamic' 'sha256-lxruP/GUT5SHo3Hi18U7zp9MDVNM5Zn9NDVhbptQFwA=' https: 'unsafe-inline'". Note that 'unsafe-inline' is ignored if either a hash or nonce value is present in the source list.

Styles aren't loading correctly, although the scripts all seems to be working.

You can see for yourself here: https://brainfry-app.web.app/
And the code is here: https://github.com/rgant/brainfry/blob/c7ba05dec689d748363fc0c4febe4a1eec7109e3/angular.json#L37

  "projects": {
    "brainfry": {
      "architect": {
        "build": {
          "configurations": {
            "production": {
              "security": {
                "autoCsp": true
GitHub
brainfry/angular.json at c7ba05dec689d748363fc0c4febe4a1eec7109e3 ·...

Bespoke pub quiz app using Terraform, Firebase, and Angular. - rgant/brainfry

manic forum
#

I've traced the problem to this onload in the style tag:

<link rel="stylesheet" href="styles-T5VOQUP7.css" media="print" onload="this.media='all'">

Unsure why Angular is doing that media change... seems like it shouldn't be.

#

Does anyone know what causes that onload in production and how I might be able to disable it?