We wrestled with getting our web security up to snuff without having any in-house expertise. I found this site useful for testing and offering up next steps and links on how to fix the problems.
https://observatory.mozilla.org/ We found answers to exactly your issues by following these steps. - Jim On Thu, Jun 14, 2018 at 6:15 PM Timothy Penner via 4D_Tech < [email protected]> wrote: > I think it's telling you that the page does not have a default-src self > tag. Therefore Content-Security-Policy (CSP) is blocking the loading of > inline styles.... > https://content-security-policy.com/ > > Quote: "The default-src is the default policy for loading content such as > JavaScript, Images, CSS, Fonts, AJAX requests, Frames, HTML5 Media. See the > Source List Reference for possible values." > https://content-security-policy.com/#source_list > > The comments on this stack overflow post suggest not using inline css at > all because it is unsafe: > > https://stackoverflow.com/questions/17766817/refused-to-apply-inline-style-because-it-violates-the-following-content-security/18428346 > > -Tim > > > > ********************************************************************** > 4D Internet Users Group (4D iNUG) > FAQ: http://lists.4d.com/faqnug.html > Archive: http://lists.4d.com/archives.html > Options: https://lists.4d.com/mailman/options/4d_tech > Unsub: mailto:[email protected] > ********************************************************************** ********************************************************************** 4D Internet Users Group (4D iNUG) FAQ: http://lists.4d.com/faqnug.html Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:[email protected] **********************************************************************
