Project

General

Profile

Bug #24062

Updated by Clark ANDRIANASOLO 4 months ago

When we implemented CSP headers we found out that the Lift web framework appends scripts to the HTML response, and there is no convenient way to hook into the scripts and add nonce attributes to them. So we allowed duplicate scripts, one we added with a nonce and another one added by Lift, causing a CSP violation in the browser (healthcheck page only).  

 We should find a way to avoid the duplication. 

 Also we should fix all current violations on the healthcheck page :  
 !clipboard-202401231748-8wohf.png! 

Back