Generated CSP header has unsafe-hashes
inside style-src
#99
Unanswered
lanzosuarez
asked this question in
Q&A
Replies: 0 comments
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
-
Hi, everyone, any idea why
unsafe-hashes
insidestyle-src
directive is necessary when usingstrictyInlineStyles
andtrustifyStyles: true
? Cause if it's for allowing inline styles, according to MDN, the inline style's hash is enough.Thanks for answering my question!
Example:
Content-Security-Policy: style-src 'sha256-ozBpjL6dxO8fsS4u6fwG1dFDACYvpNxYeBA6tzR+FY8='
Source:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src
Beta Was this translation helpful? Give feedback.
All reactions