[LF7.x] CSP compatibility[LF7.x] CSP compatibilityhttps://liferay.dev/c/message_boards/find_thread?p_l_id=119785294&threadId=1215073652026-04-04T06:21:28Z2026-04-04T06:21:28ZRE: [LF7.x] CSP compatibilityZsigmond Rabhttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1215077862022-09-02T17:43:18Z2022-09-02T17:43:17Z<p>Hi Tinfo,</p>
<p>Making the portal CSP compliant is one of our next enhancements. You
can watch the https://issues.liferay.com/browse/LPS-134060 ticket for updates.</p>
<p>That is also planned to cover what to do with inline scripts and
styles at a point.</p>
<p>I personally appreciate if you can share any experiences, further
needs that you think we should consider in the implementation. I mean,
beyond what is needed to be implemented for being compliant with the standard.</p>
<p>Thanks,</p>
<p>Zsigmond</p>Zsigmond Rab2022-09-02T17:43:17Z[LF7.x] CSP compatibilityTinfo Tinfohttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1215073642022-09-02T09:02:34Z2022-09-02T09:02:34Z<p>Hello,</p>
<p>is Liferay Portal CSP compliant?</p>
<p>Actually if we try to add CSP directive</p>
<pre>
<code class="language-java">Content-Security-Policy: script-src 'self';</code></pre>
<p>the portal loads with lots of errors in browser console like these:</p>
<pre>
<code class="language-java">Content Security Policy: The page's settings blocked the loading of a resource at inline ("script-src")
Uncaught ReferenceError: Liferay is not defined
Uncaught ReferenceError: AUI is not defined</code></pre>
<p>We are missing something?</p>
<p>Is there any plan in the future to make Liferay Portal CSP compliant
by removing all inline script and style? </p>Tinfo Tinfo2022-09-02T09:02:34Z