Skip to content

Commit 518f0b5

Browse files
Merge pull request #1204 from wavemaker/BhavaniGaneshBalagam-patch-1
Update configuring-content-security-policy.md
2 parents 31d7b13 + 0bf3cbb commit 518f0b5

1 file changed

Lines changed: 10 additions & 2 deletions

File tree

learn/how-tos/configuring-content-security-policy.md

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -50,7 +50,15 @@ security.general.csp.policy=script-src 'self'; style-src 'self' 'nonce-${NONCE_V
5050
3. Deploy and test
5151

5252
:::note
53-
The policy above is a sample one. You can provide your own policy against the property security.general.csp.policy
53+
The policy above is a sample one. You can provide your own policy against the property security.general.csp.policy.
54+
If you are using the Calendar widget in your project, please add the additional meta tag (in lowercase) to your index.html file:
55+
```
56+
<meta name="csp-nonce" content="${NONCE_VALUE}">
57+
```
58+
Also, ensure that you include the data: protocol under the font-src directive in your CSP policy.
59+
```
60+
security.general.csp.policy=script-src 'self'; style-src 'self' 'nonce-${NONCE_VALUE}'; default-src 'self'; font-src 'self' data:
61+
```
5462
:::
5563

5664
## ${NONCE_VALUE}
@@ -75,4 +83,4 @@ These are:
7583

7684
- When **Dynamic DataTable** is used, 'unsafe-eval' is required against the script-src directive.
7785
- When **Dynamic form** is used, 'unsafe-eval' is required against the script-src directive.
78-
- When the **Richtext editor** widget is used, 'unsafe-inline' is required against the style-src directive. This widget uses open source library summernote, which is heavily jQuery based and applies inline styles.
86+
- When the **Richtext editor** widget is used, 'unsafe-inline' is required against the style-src directive. This widget uses open source library summernote, which is heavily jQuery based and applies inline styles.

0 commit comments

Comments
 (0)