CSP for ASP.NET MVC with Kendo and jQuery UI.

May 19 2023 3:46 PM

I am facing issues on Kendo- Grids for Content Security Policy (CSP) for ASP.Net MVC with jQuery Kendo UI. In my application currently we are using Kendo grids, dropdowns, and popups. Initially, we implemented the below changes for CSP.

Update to jQuery 3.6.4
Generated the Dynamic nonce numbers and applied nonce for inline scripts
Ajax calls replaces with Jquery get/post methods.
Removed all styles and replaced them with bootstrap classes.
Onclik and Onchanges events replace with javascript addevent-listeners.
Added the Unsafe prefix in the configuration (waiting for the Kendo 2023 R1 version)

Recently we got a new version of Telerik R1 2023, Replaced the below files for Upgrade.

Kendo.mvc.dll
kendo.aspnetmvc.js
kendo.all.min.js

we tried with new changes of kendo, without Unsafe prefix but it's throwing dynamic script errors, kendo-controls also not working. Our assumption is there are dynamic inline script Generations for Kendo controls which not contains nonce which may cause an issue. We also tried with Deferred-Script but no use. we are facing console issues related to Style and Scripts. Help me out. Thanks.

Answers (1)

generate token by passing private key and jsonstring

not able to prevent linkbutton multiple click event