Bug: Incompatible with Strict CSP style-src
dannyDNS opened this issue · comments
dannyDNS commented
Describe the bug
The SDK doesn't work without 'unsafe-inline' style-src in CSP
Steps
Set a CSP without 'unsafe-inline' style-src and try to use the SDK.
Expected behavior
The SDK works without 'unsafe-inline' styles.
Version
No response
Additional info
No response
Desktop
No response
Smartphone
No response
kakashigr commented
Also if you're using the "Cross-Origin-Opener-Policy" header with "same-origin" you need to change to:
'Cross-Origin-Opener-Policy': 'same-origin-allow-popups',
Jungho Bang commented
please try sdk 4.0