1

I'm using the following to run my app with node v14.17.4 & npm v6.14.14

    "@angular/cdk": "^13.2.2",
    "@angular/common": "~13.1.0",
    "@angular/compiler": "~13.1.0",
    "@angular/core": "~13.1.0",
    "@angular/forms": "~13.1.0",
    "@angular/platform-browser": "~13.1.0",
    "@angular/platform-browser-dynamic": "~13.1.0",
    "@angular/router": "~13.1.0",
    "@angular-builders/custom-webpack": "13.0.0",
    "@angular-builders/dev-server": "^7.3.1",
    "@angular-devkit/build-angular": "~13.1.0",
    "@angular/cli": "13.0.4",
    "@angular/compiler-cli": "~13.1.0",
    "@angular/language-service": "~13.1.0",

While running the ng build it generates the dist folder but without the styles.js, which was working well with angular v8. Now I'm receiving the a CSP error Refused to load the script 'script-uri' because it violates the following Content Security Policy directive: "style-src 'unsafe-inline'". where the styles.css is not loaded enter image description here

Am I suppose to be adding the CSP headers anywhere explicitly?

ayeshas7
  • 81
  • 5
  • It's `styles.*.css` and not `styles.js` that Angular creates, it should be named like `styles.24c7e03df8f81490.css`. This error message doesn't have anything to do with the CSS file though as it's your browser that's refusing to load the script. – yktoo Sep 13 '22 at 06:15
  • ok, thanks @yktoo, this works well locally though. I'm not sure why is it only seen after deploying the app. – ayeshas7 Sep 13 '22 at 09:48
  • That unequivocally shows your server is sending a CSP header that isn't working well with your app. Basically, the browser gives a pretty clear explanation what it doesn't like about it. – yktoo Sep 13 '22 at 09:51

0 Answers0