-
Story
-
Resolution: Done
-
Critical
-
None
-
None
-
None
-
None
-
None
-
False
-
-
False
-
2
-
None
-
None
-
HAC Infra OCP - Sprint 262
Console HTML index template contains an inline script tag used to set up SERVER_FLAGS and visual theme config.
This inline script tag triggers a CSP violation at Console runtime (see attachment for details).
The proper way to address this error is to allow this script tag - either generate a SHA hash representing its contents or generate a cryptographically secure random token for the script.
AC:
- There is no CSP violation reported for inline script tag.