Hey
Which value do I have to give the Content Security Header in order to make Infragistics ASP.NET components work e.g. the WebDatePicker.
Thanks in advance.
Is this problem of requiring script-src unsafe-eval only for WebForms?
Hello,
Thank you for your patience.
Our controls use inline script elements as well as eval(). Your CSP configuration should look like this:
<add name="Content-Security-Policy" value="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self';connect-src 'self';child-src 'self';form-action 'self';block-all-mixed-content;" />
Please let us know if you need further assistance.
I am also facing the same problem with below content-security-policy the Infragistics controls are working fine in IE browser but when switched to Chrome browser , its not rendering correctly and not working. I want the list of values by which the Infragistics controls works correctly in Chrome browser also.
<add name="Content-Security-Policy" value="default-src 'self'; script-src 'self' ; style-src 'self'; img-src 'self'; font-src 'self';connect-src 'self';child-src 'self';form-action 'self';block-all-mixed-content;" />
Hello Pieterjan,
I understood, I will test your scenario and I will get back to you with my findings.
Best Regards, Tihomir IlievSoftware DeveloperInfragistics, Inc.