The thing is, I have a stricter content security policy set up on my site and I'm getting some violation errors because of that. I figured I have to allow unsafe-inline for styles and scripts to make the viewer work, but I wanted to ask if maybe there is some setting to disable inline scripts and styles or a possibility to add a nonce to whitelist the inline parts.
You can surely reproduce the issue when you add this meta tag to any of the examples' index.html and try to load reports like ChartStyle.mrt, MasterDetail.mrt or so on.
Code: Select all
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src 'self' data:; font-src data:">
Code: Select all
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src data:">