+ Start a Discussion
Domenico Sciarrone 9Domenico Sciarrone 9 

CSP Content-Security-Policy - Custom component Chrome and IE11 problems

Hi All,
I have developed a custom component and I'm facing an issue related to CSP. When I open the component from the quick action for the first time it works well, but when I close the window that contains the component and I open it again (from the quick action), I'm facing in the console the following error and the component will never load. 

Refused to execute JavaScript URL because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension: https://sfdc.azureedge.net *.na35.visual.force.com https://ssl.gstatic.com/accessibility/". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.

Screenshot from Chrome browser.

User-added image

Note: if I deactive Lightning LockerService Security I'm not facing that problem, but the component never load.

Is this an issue or is going to be the default behaviour from now?

has anyone had this problem?

Thanks in advance

LockerService has stricter CSP security in the Spring '17 release. As a result, you cannot invoke inline scripts. Refer to the link for more info in this release - https://releasenotes.docs.salesforce.com/en-us/spring17/release-notes/rn_lightning_csp.htm (https://releasenotes.docs.salesforce.com/en-us/spring17/release-notes/rn_lightning_csp.htm" target="_blank)
Domenico Sciarrone 9Domenico Sciarrone 9
Hi SakeJoshi, thank you for your answer.
With "inline script", i think that the CSP considerders every parth of code include on <script></script> tags. But, in the component i don't have that.

Domenico Sciarrone 18Domenico Sciarrone 18
Can anyone help me?

Thank you in advance.

kashif Syed 1kashif Syed 1
Hi Domenico,

were you able to solve this problem. from the screenshot it looks you are using utility tool for some platform event or Open CTI console. We are also experiencing the same issue and the error is thrwing for all the users using Open CTI phone widget.

Please share your thoughts.
Khaled YoussefKhaled Youssef
did you find a solution for this problem ? thanks in advance