Open Closed

Issue with Content-Security-Policy after upgrade to Abp 5 #3749


User avatar
0
nhontran created
  • ABP Framework version: v5.2.2.
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:"

Hi, we have upgraded our solution to Abp 5.2.2 and got 1 issue when accessing the TenantSwitchModal, we are not allowed to add 'unsafe-eval' into script-src due to security test, below is our CSP:

default-src 'self'; script-src 'self'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;

Could you please help us take a look and advise?


7 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Can you cancel the minify js and check what code caused the error?

  • User Avatar
    0
    nhontran created

    Hi @maliming,

    I have disabled the bundle and minify, this is the code caused the error:

    Could you please help us take a look? thank you.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    This is related to https://github.com/abpframework/abp/pull/11811/

    You can use this version of jquery-extensions.js to solve it now. https://github.com/abpframework/abp/blob/20631dd85fccd1378c2627d86a5c2692166fa3b4/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared/wwwroot/libs/abp/aspnetcore-mvc-ui-theme-shared/jquery/jquery-extensions.js

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    https://github.com/abpframework/abp/issues/14178

  • User Avatar
    0
    nhontran created

    Hi maliming,

    Thanks for your reply, may I know what are the steps to replace the jquery-extensions.js?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    https://docs.abp.io/en/abp/latest/Virtual-File-System#replacing-overriding-virtual-files

  • User Avatar
    0
    nhontran created

    Thank @maliming, I managed to replace the file.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 13, 2024, 06:09