Content Security Policy default Setup of Primefaces restricts Bootsfaces scripts

Asked Sep 10 '20 at 06:55

Active Sep 13 '20 at 10:50

Viewed 648 times

I've a project using Primefaces & Bootsfases, when I enabled, I encountered many issues in Ajax calls

<context-param>
    <param-name>primefaces.CSP</param-name>
    <param-value>true</param-value>
</context-param>

I've tried to customize the policy as described here https://primefaces.github.io/primefaces/8_0/#/core/contentsecuritypolicy?id=content-security-policy

<context-param>
    <param-name>primefaces.CSP_POLICY</param-name>
    <param-value>script-src 'self' https:***cdn of blocked scripts*** </param-value>
</context-param>

But no effect, appreciate if anyone has any clue.

edited Sep 13 '20 at 10:50

BalusC

1,082,665
372
3,610
3,555

asked Sep 10 '20 at 06:55

Muhammad Nabil

Errors in ajax calls by PF components or BF components? – Kukeltje Sep 10 '20 at 09:52
Please post your exact CSP errors as well. – Melloware Sep 10 '20 at 11:05
@Kukeltje in BF components – Muhammad Nabil Sep 11 '20 at 20:11
@Melloware, usually any ajax call from bootsfaces table, for example open Dialog for selected row, I'll post image for the errors – Muhammad Nabil Sep 11 '20 at 20:14
@Melloware, Image Added – Muhammad Nabil Sep 12 '20 at 13:43
Yep it looks like its using "Inline" scripts are a not allowed. I think you are going to have to contact the BootsFaces developer and report this issue. The PF Datatable works fine. see: https://github.com/TheCoder4eu/BootsFaces-OSP/issues – Melloware Sep 13 '20 at 13:07

Content Security Policy default Setup of Primefaces restricts Bootsfaces scripts

0 Answers0