Apex Code Development You need to sign in to do that
Don't have an account?
Domenico Sciarrone 9 CSP Content-Security-Policy - Custom component Chrome and IE11 problems
Hi All,
I have developed a custom component and I'm facing an issue related to CSP. When I open the component from the quick action for the first time it works well, but when I close the window that contains the component and I open it again (from the quick action), I'm facing in the console the following error and the component will never load.
Refused to execute JavaScript URL because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension: https://sfdc.azureedge.net *.na35.visual.force.com https://ssl.gstatic.com/accessibility/". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.
Screenshot from Chrome browser.
Note: if I deactive Lightning LockerService Security I'm not facing that problem, but the component never load.
Is this an issue or is going to be the default behaviour from now?
has anyone had this problem?
Thanks in advance
I have developed a custom component and I'm facing an issue related to CSP. When I open the component from the quick action for the first time it works well, but when I close the window that contains the component and I open it again (from the quick action), I'm facing in the console the following error and the component will never load.
Refused to execute JavaScript URL because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension: https://sfdc.azureedge.net *.na35.visual.force.com https://ssl.gstatic.com/accessibility/". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.
Screenshot from Chrome browser.
Note: if I deactive Lightning LockerService Security I'm not facing that problem, but the component never load.
Is this an issue or is going to be the default behaviour from now?
has anyone had this problem?
Thanks in advance
With "inline script", i think that the CSP considerders every parth of code include on <script></script> tags. But, in the component i don't have that.
Can anyone help me?
Thank you in advance.
were you able to solve this problem. from the screenshot it looks you are using utility tool for some platform event or Open CTI console. We are also experiencing the same issue and the error is thrwing for all the users using Open CTI phone widget.
Please share your thoughts.