chosen
chosen copied to clipboard
harvesthq
Content Security Policy
Summarize your issue here.
Steps to reproduce
Tell us how to reproduce this issue.
-
I have used the jquery chosen plugin in the ruby on rails application.
-
Now we have added Content Security Policy with this configuration config.content_security_policy do |policy| policy.default_src :self, :https policy.font_src :self, :https, :data policy.img_src :self, :https, :data policy.object_src :none policy.script_src :self, :https policy.style_src :self, :https end
-
The Ui is messed up ,
4 . I am getting this error in browser console - Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'nonce-tJPRxlo7t/U4c74xGxAN1A=='". Either the 'unsafe-inline' keyword, a hash ('sha256-swWWFBTKQXm0oEF+bI6rqAGSUMQOxhhlwCWaO9mM1w0='), or a nonce ('nonce-...') is required to enable inline execution.
Additionally, please link to a working demo that shows the issue so we can attempt to reproduce. You can use this template as a base. Alternatively, confirm that the Chosen demo page shows the issue.
Expected behavior
It should work normal even CSP is switched on
Actual behavior
The inline styles are not getting added to the element
Environment
-
Chosen Version:
-
v1.8.7
-
jQuery or Prototype Version:
-
Jquery
-
Browser and Version:
-
Chrome lany version is fine
-
OS and Version:
-
Mac any version is fine
Additional information
Any other information you want to share that is relevant to the issue being reported. This might include the lines of code that you have identified as causing the bug, or potential solutions and workarounds.
