Comments (8)
wizzymore
commented on June 8, 2024
Can you provide a snippet of the code that triggers this error?
from jquery.
soilssong
commented on June 8, 2024
Can you provide a snippet of the code that triggers this error?
Actually I'm adding my scripts like that due to BundleConfig.
I have tried to adding nonce to every script that related the Jquery but the result is same, I even tried to hard coded nonce like
from jquery.
wenz
commented on June 8, 2024
Looking at the error message in the browser console, it looks like there is no nonce in the CSP.
from jquery.
soilssong
commented on June 8, 2024
Yes that was the error message before I have applied nonce. I added hard-coded nonce like below even I know that its should be generated at each request but just wanted to test it with static value.
This is my CSP:
in that CSP condition isn't that enough to add this value to script tags as a nonce value that related to Jquery ?
from jquery.
wenz
commented on June 8, 2024
Thanks for the clarification. I assume you could confirm in the browser dev tools that the <script> tag in question does not have a nonce attribute, right? A minimal reproduction of the error, e.g. on jsbin, would be helpful.
from jquery.
mgol
commented on June 8, 2024
The browser will generally clean the nonce attribute for security reasons but you should be able to read the nonce property - you can even try doing that from browser DevTools.
It's hard to act on this without any test case. Hence the Needs info label for now.
from jquery.
soilssong
commented on June 8, 2024
First of all sorry for late response and thanks for your support.
I can confirm that in web browser tool , I can see the nonce attribute but its hides the value of it. ( and I think as mgol said its a built in behavior by modern browsers)
Beside of all these recently I have realised that even my onClick functions are violating CSP itself. You can see it below.
There are lot of functions so I couldn't figure out how can I minimize it and just wanted to show some part of it.
For example this is the codes I'm using from pagination, when I'm clicking the any page number new CSP violation error occurs.
from jquery.
mgol
commented on June 8, 2024
Inline event handlers will definitely conflict with CSP. It looks like you have a lot to do thatβs unrelated to jQuery. Let me close the issue then. You may want to try venues more geared towards developer help rather than the jQuery bug report.
from jquery.
Related Issues (20)
- Cannot read properties of null (reading 'compareDocumentPosition') HOT 3
- Invalid links in blog article HOT 2
- The jquery.factory.js bundle is missing in the npm package in the 4.0.0-beta release HOT 2
- `require( "jquery" )` returns a module object when used with Webpack & jQuery 4.0.0-beta HOT 24
- v4 beta : mottie/tablesorter plugin fails with sort() and trim() missing HOT 1
- Jquery-UI getting Error With jQuery jQuery 4.0.0 BETA! HOT 4
- jQuery.get() 4.0 backward compatibility issue HOT 3
- Permissions policy violation due to unload event HOT 1
- Avoiding JQuery version disclosure on Angular's Script.JS HOT 1
- Scripts in dynamically set html always asynchronously loaded HOT 3
- jQuery 3.7.1 is still making wrong calculation of dimensions in Firefox. HOT 1
- Memory Leak: OriginAnchor HOT 6
- Memory Leak: boxSizingReliable HOT 4
- Triggering after an `alert()` in an event handler results in a JS error HOT 3
- The strange behavior generated by the append method HOT 1
- Avoid counting scroll twice in offset HOT 1
- jQuery Migrate 3.4.0 - elem.focus() is not working HOT 3
- Issue or behaviour??? - 2.2.3 to 3.6.0 - active element changed on focus. HOT 2
- Issue using JQuery 3.7.1 and CSP HOT 2
- Jquery Vite installation doesnt work. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jquery.