You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Django-otp seems to add some inline styling to correctly render the OTP field in /admin. If CSP are configured to block any inline style, the follow errors is returned and the field doesn't render as it should:
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-....='), or a nonce ('nonce-...') is required to enable inline execution.
Same happen once logged in, when clicking the qrcode link, there is some inline style:
Problem:
Django-otp seems to add some inline styling to correctly render the OTP field in /admin. If CSP are configured to block any inline style, the follow errors is returned and the field doesn't render as it should:
Same happen once logged in, when clicking the qrcode link, there is some inline style:
Solution:
Add a hash or make the inline script safe (if it doesn't change often) or use a style.css file and import it instead.
The text was updated successfully, but these errors were encountered: