I'm using FullCalendar.io in my ASP.NET Core web app. Additionally I've set up CSP with NetEscapades.AspNetCore.SecurityHeaders.
Here are the definitions:
policy.AddContentSecurityPolicy(builder =>
{
    builder.AddDefaultSrc().Self();
    // Allow WebSocket and HTTP connections to localhost on any port (development).
    builder.AddConnectSrc()
        .From("wss://localhost:*")
        .From("ws://localhost:*")
        .From("https://localhost:*")
        .From("http://localhost:*")
        .Self();
    builder.AddObjectSrc().Self();
    builder.AddBlockAllMixedContent();
    builder.AddImgSrc().Self().From("data:").OverHttps();
    builder.AddFormAction().Self().OverHttps();
    builder.AddFontSrc().Self().From("data:").OverHttps();
    // Styles: 'unsafe-inline' is commented out in favour of a per-request nonce.
    builder.AddStyleSrc()
        .Self()
        ////.UnsafeInline()
        .WithNonce()
        .OverHttps();
    builder.AddScriptSrc()
        .Self()
        .WithNonce()
        .OverHttps();
    builder.AddBaseUri().Self().OverHttps();
    builder.AddFrameAncestors().Self().OverHttps();
    builder.AddWorkerSrc().Self().OverHttps();
    builder.AddManifestSrc().Self().OverHttps();
});
My calendar is very basic:
$(document).ready(function () {
    // Read the anti-forgery token rendered into the page so the POST is accepted.
    var antiForgeryToken = $('input[name="AFTFFINNIA"]').val();
    var calendarEl = document.getElementById('calendar');
    var calendar = new FullCalendar.Calendar(calendarEl, {
        initialView: 'dayGridMonth',
        locale: 'de-CH',
        firstDay: 1,
        height: "auto",
        headerToolbar: {
            left: 'prev,next today',
            center: 'title',
            right: 'dayGridMonth,timeGridWeek,timeGridDay,listWeek'
        },
        // Events are fetched by POST; the token travels as an extra form field.
        events: {
            url: '/Kalender/Termine',
            method: 'POST',
            extraParams: {
                AFTFFINNIA: antiForgeryToken
            },
        },
    });
    calendar.render();
});
On Chrome (Windows) this works fine. But on iOS and macOS with Safari, the calendar is not displayed.
Error message: Refused to apply a stylesheet because its hash, its nonce, or 'unsafe-inline' does not appear in the style-src directive of the Content Security Policy. (Index, line 1)
After this there is a TypeError: null is not an object (evaluating 'i.cssRules').
I did read: FullCalendar.io's Content Security Policy (CSP).
Does anyone know why this doesn't work on Safari?
Content-Security-Policy header:
style-src 'self' https: 'nonce-+1v9CuQxiH8qkVG0PK4Lo/D/kV0oI2jIw7Eb2xxemXY=';
script-src 'self' https: 'nonce-+1v9CuQxiH8qkVG0PK4Lo/D/kV0oI2jIw7Eb2xxemXY=';
default-src 'self';
connect-src wss://localhost:* ws://localhost:* https://localhost:* http://localhost:* 'self';
object-src 'self';
block-all-mixed-content;
img-src 'self' data: https:;
form-action 'self' https:;
font-src 'self' data: https:;
base-uri 'self' https:;
frame-ancestors 'self' https:;
worker-src 'self' https:;
manifest-src 'self' https: