<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hi,<div>We would like to use angular-ui-grid module to support grid feature.</div><div><br></div><div>We found angular-ui-grid used a lot of inline styles.</div><div><br></div><div>To make it workable, we had to add "unsafe-inline" to CSP.</div><div>So we added the below modification in the phosphor-webui/webpack.config.js</div><div><div>     new CSPWebpackPlugin({</div><div>       'base-uri': '\'self\'',</div><div>       'object-src': '\'none\'',</div><div><span style="white-space:pre"> </span>   'script-src': ['\'self\''],</div><div>-      'style-src': ['\'self\''],</div><div>+      'style-src': ['\'self\'', '\'unsafe-inline\'' ],</div></div><div><br></div><div>But the grid could still not work.</div><div><br></div><div>Then we tried to modify the content of  CSP in the bmcweb </div><div>(include/security_headers_middleware.hpp)</div><div><br></div><div><div>@@ -41,7 +41,7 @@ struct SecurityHeadersMiddleware</div><div>       // img-src 'self' data: is used to allow that.</div><div>       // <a href="https://stackoverflow.com/questions/18447970/content-security-policy-data-not-working-for-base64-images-in-chrome-28">https://stackoverflow.com/questions/18447970/content-security-policy-data-not-working-for-base64-images-in-chrome-28</a></div><div>       res.addHeader("Content-Security-Policy",</div><div>-                      "default-src 'self'; img-src 'self' data:");</div><div>+                      "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:");</div><div>       res.addHeader("X-XSS-Protection", "1; "</div><div>                                           "mode=block");</div><div>       res.addHeader("X-Content-Type-Options", "nosniff");</div></div><div><br></div><div>The grid could be displayed normally.</div><div><br></div><div>Can anyone tell me why the modified CSP in the webpack.config.js had no effect?</div><div><br></div><div>Thanks.</div><div><br></div></div></div></div></div></div></div>