.ngf-hide style in javascript results in CSP warning #1122
Comments
|
What browser what version? Does it happen on the demo page as well? |
|
Tested in the latest version of chrome. The demo page doesn't give a warning because it hasn't got a content security policy enabled. I have it enabled from my backend to prevent things like XSS attacks. |
|
Angular adds styles to the head too, do you get the same warning for angular? |
|
In angular that part is solved by adding an ngCsp directive. That tells angular to stop injecting css styles. See https://docs.angularjs.org/api/ng/directive/ngCsp |
danialfarid
pushed a commit
that referenced
this issue
Nov 10, 2015
|
Fixed at 10.0.0. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A Content-Security-Policy header containing ' script-src 'self'; style-src 'self'; ' will result in the following warning:
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'".
Stacktrace:
(anonymous function) @ ng-file-upload.js:883
(anonymous function) @ ng-file-upload.js:1016
The text was updated successfully, but these errors were encountered: