Page 1 of 1

RE: Content Security Policy Headers Stopping Onclick Events

Posted: Tue Nov 28, 2017 12:14 pm
by bunglebonce
Hello,

I am currently testing web pages following Content Security Policy guidelines using Web Builder 11.6.3.

As I am sure you will know, by setting a specific CSP header on your web page, inline javascript no longer works, and you have to put your javascript code in linked files.

So, with the CSP header included on the page, onclick events generated in Web Builder no longer work.

For example, if I create a panel layer in Web Builder and a button that displays the panel when clicked, the onclick event that would show the panel no longer works with the CSP header added to the page.

Is there a way to solve this problem?

I have been replacing onclick with addEventListener on pages I have written myself, but I do not know how to do this with Web Builder Generated code.

Any help would be much appreciated.

Thank you

Re: RE: Content Security Policy Headers Stopping Onclick Events

Posted: Tue Nov 28, 2017 12:59 pm
by BaconFries
Moved this to "Off Topic Section" as not directly related to the function of programme. From my understanding of this then you will then need to implement "directives" these can be in a . htaccess file or with meta tags. You can read more about using at the following:
CSP

Re: RE: Content Security Policy Headers Stopping Onclick Events

Posted: Tue Nov 28, 2017 1:19 pm
by Pablo
Events are always inline functions, there is no way to change this.