Yes, that was a simple workaround, but the expectation is that Report-Only won’t change site behavior. Ideally, you could list the requirements in the docs too. Here’s the list I found:

connect-src 'self'; default-src 'none'; script-src 'unsafe-eval'; style-src-attr 'unsafe-inline'; font-src https://fonts.gstatic.com; form-action 'none'; frame-ancestors 'none'; img-src https://cdn.jsdelivr.net/gh/supertokens/;

On May 27, 2024, at 12:17 AM, Rishabh Poddar ***@***.***> wrote:
> Did adding the headers pointed out by the error solve the issue?
Hi,
I recently enabled CSP with the Report-Only flag on my site, which blocked the User Dashboard. The point of Report-Only is that it should not change anything. While it was helpful to see the violations, this can be found in the console.
https://supertokens.com/docs/thirdpartyemailpassword/pre-built-ui/setup/user-management-dashboard/setup#content-security-policy.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
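
Added example (not part of the original issue and not SuperTokens code): a Node.js check that reports which CSP headers a response carries, since a `Content-Security-Policy` header sent next to the Report-Only one is still enforced, and that diffs a deployed policy against the directive list quoted in this thread. The function names and the sample policy are constructed for illustration, and sources are compared literally.

```javascript
// Added example, not SuperTokens code. Sources are matched literally (no wildcards).
// Directive list as quoted in the thread above.
const DASHBOARD_POLICY =
  "connect-src 'self'; default-src 'none'; script-src 'unsafe-eval'; " +
  "style-src-attr 'unsafe-inline'; font-src https://fonts.gstatic.com; " +
  "form-action 'none'; frame-ancestors 'none'; " +
  "img-src https://cdn.jsdelivr.net/gh/supertokens/;";

// Fallback chains for the listed directives (form-action and frame-ancestors have none).
const FALLBACK = {
  "connect-src": ["default-src"], "script-src": ["default-src"],
  "font-src": ["default-src"], "img-src": ["default-src"],
  "style-src-attr": ["style-src", "default-src"],
};

// Parse a policy string into Map(directive -> [source expressions]).
function parsePolicy(policy) {
  const out = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !out.has(key)) out.set(key, sources); // duplicate directives are ignored
  }
  return out;
}

// Which CSP headers does a response carry? Only the enforcing one blocks loads.
function cspMode(headers) {
  const names = Object.keys(headers).map((h) => h.toLowerCase());
  const enforce = names.includes("content-security-policy");
  const report = names.includes("content-security-policy-report-only");
  if (enforce) return report ? "both" : "enforcing";
  return report ? "report-only" : "none";
}

// Sources from `required` that the governing directive of `deployed` lacks.
function missingSources(deployed, required = DASHBOARD_POLICY) {
  const have = parsePolicy(deployed);
  const gaps = {};
  for (const [dir, sources] of parsePolicy(required)) {
    const governing = [dir, ...(FALLBACK[dir] || [])].find((d) => have.has(d));
    if (!governing) continue; // nothing in the deployed policy restricts this directive
    const lacking = sources.filter((s) => s !== "'none'" && !have.get(governing).includes(s));
    if (lacking.length) gaps[dir] = lacking;
  }
  return gaps;
}

// Constructed sample of a site's Report-Only policy, not taken from the thread.
const SAMPLE_REPORT_ONLY = "default-src 'self'; script-src 'self'; img-src 'self' data:";
```

A result of `"both"` or `"enforcing"` from `cspMode` means an enforcing policy is in play regardless of the Report-Only header; `missingSources(SAMPLE_REPORT_ONLY)` lists the directives that would need extending before enforcement.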