Dash CSP security issue

Hi i have created a website in dash and deployed in IIS but the problem is as per security policy i have to enable Contect Security Policy(CSP) .After enabling CSP the page doesnt load.I could see only the Loading thing.Any Help in this.

1 Like

Hey, could you explain how you managed to deploy your dash app with IIS, ive had the challenge to achieve that but couldnt get it to work for some reason.

Hi @Saitharun9
Did you figure this out? I’m facing the same issue i.e. testing locally when I enable nginx directive

add_header Content-Security-Policy "default-src 'self'; script-src localhost ; style-src localhost https://fonts.googleapis.com https://stackpath.bootstrapcdn.com;  ";

It fails with

Refused to apply inline style at webpack:///node_modules/style-loader/lib/addStyles.js:368

Wondering where addStyles.js is coming from though - I can’t find it in https://github.com/plotly/dash

P.S: This is my first stab at a “web” app and HTML, CSS, Javascript, React JS, webpack, Babel, Flask, Werkzeug - I’m feeling dizzy :crazy_face: