How to add simple HTML page with javascript in folder public

System Information
  • 4.5.3:
  • Linux
  • SQLite
  • 16
  • 8.5.5
  • 1.22.11

I want to add a basic HTML page to the folder ‘public’ and open via browser (/hello.html) but the security policy prevents me from using script tags (unsafe-inline error) .
Is there a way to make a work around, like a whitelist? Adding a plugin is too much overhead for a simple page and some javascript.

Thanks for helping!

I’m currently trying to serve my Angular app from the public folder after updating from v3 → v4, and it isn’t working the way it was previously. The unsafe-inline error is also one of these issues for me.

Strapi v4 doesn’t allow to load images or script for unknown sources by default.
You can change the config/middlewares.js file to override these errors.
If you want to import js files you can add following to your middlewares.js file

export default [
  'strapi::errors',
{
    name: 'strapi::security',
    config: {
      contentSecurityPolicy: {
        directives: {
          'script-src': ["'self'", "'unsafe-inline'"]
        },
      }
    }
  }
'strapi::cors',
  'strapi::poweredBy',
  'strapi::logger',
  'strapi::query',
  'strapi::body',
  'strapi::session',
  'strapi::favicon',
  'strapi::public',
];