question

LiShiQuanNCS-8649 avatar image
0 Votes"
LiShiQuanNCS-8649 asked LanHuang-MSFT answered

Reportviewer was not able to load data when enabled Content Security Policy

Reportviewer works fine without Content Security Policy, how to resolve the loading issues when enable CSP?

Reportviewer works with ScriptManager. and many auto js will inital added when page load. these js was stopped execute cased by CSP.

dotnet-aspnet-webforms
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

LanHuang-MSFT avatar image
0 Votes"
LanHuang-MSFT answered

Hi @LiShiQuanNCS-8649,

After the content security policy is enabled. Browsers examine the sources of pages and determine whether they meet the requirements of the content safety directive. When a resource does not comply with policy directives, the browser does not load the resource.
For example, consider a policy that does not allow third-party scripting. When a page <scr ipt> contains markup with a third-party source in the src attribute, the browser prevents the script from loading.

You can try the following:

  • Move all inline code and styles to a separate file and reference it.

  • Try adding a config entry as below:

    <system.webServer> <httpProtocol> <customHeaders> <add name="Content-Security-Policy" value="default-src 'self';" /> </customHeaders> </httpProtocol> </system.webServer>
    The default-src directive defines the default policy for fetching resources such as JavaScript, Images, CSS, Fonts, AJAX requests, Frames, HTML5 Media. Not all directives fallback to default-src. See the Source List Reference for possible values. https://content-security-policy.com/#source_list

More details can be found here:https://content-security-policy.com

Best regards,
Lan Huang


If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.