Which value do I have to give the Content Security Header in order to make Infragistics ASP.NET components work e.g. the WebDatePicker.
Thanks in advance.
Thank you for contacting us.
Could you share with us what error do you get? Please provide as much details as possible.
I am looking forward to hearing from you.
Best Regards, Tihomir IlievSoftware DeveloperInfragistics, Inc.
I will try to give you as much details if I can.
When I set the Conent Security Header to script-src 'self'; object-src 'self'; e.g. a WebDropDown won't open its dropdownlist or when you click on the calendar icon of a WebDatePicker nothing happens.
But when I set to Content Security Header to script-src 'self' 'unsafe-inline'; object-src 'self'; than it works. But this is not save at all.
Can you give me some advice.
I understood, I will test your scenario and I will get back to you with my findings.
I am also facing the same problem with below content-security-policy the Infragistics controls are working fine in IE browser but when switched to Chrome browser , its not rendering correctly and not working. I want the list of values by which the Infragistics controls works correctly in Chrome browser also.
<add name="Content-Security-Policy" value="default-src 'self'; script-src 'self' ; style-src 'self'; img-src 'self'; font-src 'self';connect-src 'self';child-src 'self';form-action 'self';block-all-mixed-content;" />
Thank you for your patience.
Our controls use inline script elements as well as eval(). Your CSP configuration should look like this:
<add name="Content-Security-Policy" value="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self';connect-src 'self';child-src 'self';form-action 'self';block-all-mixed-content;" />
Please let us know if you need further assistance.