System Information
- Strapi Version: v4.15.4
- Operating System: MacOS
- Database:
- Node Version: v18.18
- NPM Version: 9.8.1
- Yarn Version:
Hello folks,
I am having issues removing all ‘unsafe-inline’ from the Content-Security-Policy header for the Strapi Admin Dashboard.
If I remove it, using the 'strapi::security'
middleware as showed below:
{
name: 'strapi::security',
config: {
contentSecurityPolicy: {
directives: {
'style-src': ["'self'"],
'script-src': ["'self'"],
},
},
},
},
I start to get errors from the browser console, it’s only with the 'style-src'
:
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ...
I am using the native dashboard, meaning I haven’t created a custom Strapi Front-End.
Is there a way to remove the inline styles from the dashboard or to implement the request, which is removing all ‘unsafe-inline’ from the CSP header, without building a whole new front-end ?
Thanks!