question

MSUserV-0780 avatar image
0 Votes"
MSUserV-0780 asked BakerKong-MSFT commented

Can we use script-src 'self' 'unsafe-inline' in the content security policy of the .net application?

In our asp.net SharePoint application, we have used script-src 'self' 'unsafe-inline' in the content security policy as sharepoint is generating some inline javascript code dynamically at runtime. But CSP validator showed red flag for using 'unsafe-inline'. Could you please suggest we can use 'self' 'unsafe-inline' as sharepoint framework itself has some inline codes or any other recommendation?

dotnet-csharpoffice-sharepoint-server-development
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @MSUserV-0780,

What kind of application you're developing? Is it an isolated web site or an SP solution? How do you configure script-src? And what about the error msg?

Thanks
Baker Kong

0 Votes 0 ·

0 Answers