0

zk-springboot-with-security-Error in CSP Header

asked 2021-03-23 14:55:32 +0800

wastemails gravatar image wastemails
130 1

updated 2021-03-31 11:55:48 +0800

cor3000 gravatar image cor3000
5868 2 7
ZK Team

The following is aded in Spring Security Configuration

http
  .headers()
  .contentSecurityPolicy("image-src 'self'; default-src 'none'; script-src 'self'; style-src 'self'").reportOnly()

Added the following in zul file.

<?header name="Content-Security-Policy-Report-Only"
        value="default-src 'none';
        script-src 'self' 'unsafe-inline' 'unsafe-eval';
        frame-src 'self';
        connect-src 'self' ws://your.server.name:8080/;
        img-src 'self';
        style-src 'self' 'unsafe-inline';
        font-src 'self'" ?>

Getting error as Invalid characters (CR/LF) in header Content-Security-Policy-Report-Only

delete flag offensive retag edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2021-03-31 11:59:09 +0800

cor3000 gravatar image cor3000
5868 2 7
ZK Team

sounds like CR/LF refers to line breaks:

did you try to remove line breaks from the header value?

<?header name="Content-Security-Policy-Report-Only"
        value="default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; connect-src 'self' ws://your.server.name:8080/; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'" ?>
link publish delete flag offensive edit
Your answer
Please start posting your answer anonymously - your answer will be saved within the current session and published after you log in or create a new account. Please try to give a substantial answer, for discussions, please use comments and please do remember to vote (after you log in)!

[hide preview]

Question tools

Follow

RSS

Stats

Asked: 2021-03-23 14:55:32 +0800

Seen: 5 times

Last updated: Mar 31

Support Options
  • Email Support
  • Training
  • Consulting
  • Outsourcing
Learn More