I want to add a basic HTML page to the folder ‘public’ and open via browser (/hello.html) but the security policy prevents me from using script tags (unsafe-inline error) .
Is there a way to make a work around, like a whitelist? Adding a plugin is too much overhead for a simple page and some javascript.
Thanks for helping!
I’m currently trying to serve my Angular app from the public folder after updating from v3 → v4, and it isn’t working the way it was previously. The unsafe-inline error is also one of these issues for me.
Strapi v4 doesn’t allow to load images or script for unknown sources by default.
You can change the config/middlewares.js file to override these errors.
If you want to import js files you can add following to your middlewares.js file
export default [
'strapi::errors',
{
name: 'strapi::security',
config: {
contentSecurityPolicy: {
directives: {
'script-src': ["'self'", "'unsafe-inline'"]
},
}
}
}
'strapi::cors',
'strapi::poweredBy',
'strapi::logger',
'strapi::query',
'strapi::body',
'strapi::session',
'strapi::favicon',
'strapi::public',
];