How to resolve Content Security Policy (CSP) errors
29 Jul 20231 minute to read
Enabling the strict Content Security Policy (CSP) may cause the following issues with the Essential JS 2 controls in your application.
Template rendering
From the 2023 Vol2 - 22.1 release onwards, the Content Security Policy for Syncfusion controls has been enhanced. The usage of the
unsafe-eval
directive has been eliminated from the CSP meta tag.
In your application, utilizes string or external templates, it is advisable to rewrite them using the function template approach for template properties.
NOTE
If users prefer to continue using inline string and external templates, it is necessary to include the
unsafe-eval
directive in the CSP meta tag in order to bypass the CSP violation.
Image loading
Syncfusion license banner utilize the image from base64, which is not allowed on strict CSP-enabled sites. To overcome this restriction, it is necessary to add the img-src data:
directive in the meta tag or consider registering the license key.