0

I created a new "SAP Fiori Launchpad Site Module" inside of an "Multi Target Application" project from the WebIde on "SAP HANA© XS Advanced Runtime on premise" (docker image store/saplabs/hanaexpressxsa:2.00.036.00.20190223.1) but I get this error after I deploy the application:

Refused to execute inline script because it violates the following Content Security Policy directive

Steps to reproduce the issue:

  1. Create a new "Multi-Target Application Project" in the WebIde
  2. Add a new "SAP Fiori Launchpad Site Module" to the application
  3. Build the application
  4. Deploy the application on SAP HanaXSA instance
  5. Try to access the Fiori Launchpad

You should see the error in the browser console

I tried to use Chrome (Version 75.0.3770.142) and Firefox(68.0.1 (64-bit)) to access the site, but I get the same error.

I expected the Demo Fiori Site to be displayed, but instead an empty page is displayed and in the browser console the following errors are displayed:

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://hxehost:51036 https://sapui5.hana.ondemand.com". Either the 'unsafe-inline' keyword, a hash ('sha256-NgEjsBnwasEV3qUuFB3e//lUSMnxA7QXX71JM5aiVDU='), or a nonce ('nonce-...') is required to enable inline execution.

sites:11 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://hxehost:51036 https://sapui5.hana.ondemand.com". Either the 'unsafe-inline' keyword, a hash ('sha256-4HLEOQTTt5/QjdzyAx+0u3MGo5aetBm29vv3z8YAFuE='), or a nonce ('nonce-...') is required to enable inline execution.

sites:108 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://hxehost:51036 https://sapui5.hana.ondemand.com". Either the 'unsafe-inline' keyword, a hash ('sha256-weH3XITqj/IJEeUfXbDsdCe+LEtDyDiafcdwfH3Aumw='), or a nonce ('nonce-...') is required to enable inline execution.
Boghyon Hoffmann
  • 17,103
  • 12
  • 72
  • 170
WebEnd
  • 1
  • 1
    It seems like the solution is already in the error message? `blabla ... is required to enable inline execution.` – Marc Jul 27 '19 at 15:30
  • yes, a solution for a normal web application that has somewhere an index.html or similar page. The problem I am having is with a site generated by the SAP WebIDE using a template, and that one does not have any files that I can manipulate to add the needed headers. – WebEnd Jul 29 '19 at 05:45
  • Is the issue still reproducible with the given steps? – Boghyon Hoffmann Jul 08 '23 at 12:18

0 Answers0