Content-Security-Policy: The page’s settings blocked an inline script

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Riad
    Member
    • Aug 2018
    • 35
    #1

    Content-Security-Policy: The page’s settings blocked an inline script

    Content-Security-Policy: The page’s settings blocked an inline script (script-src-elem) from being executed because it violates the following directive: “script-src 'self' 'nonce-a40c5d449d7c0a7ee2cd9978d392ef59' 'unsafe-eval' https://maps.googleapis.com” The admin settings not display in my account menu and the notifications icon not display the mention not works
    Attached Files
    Last edited by Riad; Today, 12:28 PM.
    Tags: None
    • lazovic
      Super Moderator
      • Jan 2022
      • 982
      #2
      Hi Riad,

      You may need to disable the clientCspDisabled parameter in the EspoCRM instance configuration file to get rid of this error: https://docs.espocrm.com/administrat...rams/#security.

      Config parameters can be changed or added manually in the file data/config.php. Parameters can also be added to the file data/config-internal.php.

        Comment

      • yuri
        Member
        • Mar 2014
        • 8929
        #3
        Note that disabling CSP increases security risks significantly. Not recommended.
        If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.

          Comment

          • Riad
            #3.1
            Riad commented
            Today, 01:32 PM
            Editing a comment
            Thank you yuri how can solve it without security risks?
          • yuri
            Member
            • Mar 2014
            • 8929
            #4
            Add to config-internal.php


            Code:
              'clientCspScriptSourceList' => [
      'https://maps.googleapis.com',
  ],
            If clientCspScriptSourceList is already there, add only the string.
            If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.
              👍 1

              Comment

              • Riad
                #4.1
                Riad commented
                Today, 01:37 PM
                Editing a comment
                Added it and make rebuild but the problem as it is.
              • Riad
                Member
                • Aug 2018
                • 35
                #5
                Have this also "
                /crm/client/modules/dynamic-checklist/lib/module-js-functions.js?r=1747057262

                Status 404



                VersionHTTP/2

                Transferred15.72 kB (95.72 kB size)

                Referrer Policystrict-origin-when-cross-origin

                DNS ResolutionSystem
                "

                  Comment

                  Previous template Next
                  Working...