TabStrip is not CSP compliant when the Selected() API configuration is enabled

Progress® Telerik® UI for ASP.NET Core Feedback Portal

Create an account Log In

Back to Feed

Request a Feature Report a Bug

Completed

Last Updated: 31 May 2024 06:09 by ADMIN

Release 2024 Q3 (Aug)

Mark

Created on: 30 May 2024 12:55

Category: UI for ASP.NET Core

Type: Bug Report

TabStrip is not CSP compliant when the Selected() API configuration is enabled

Bug report

TabStrip is not CSP compliant when the Selected() API configuration is enabled.

Reproduction of the problem

Create an application with CSP headers
Create a TabStrip and set the Selected() API configuration for one of the items

@(Html.Kendo().TabStrip()
    .Name("tabstrip")
    .Items(items =>
    {
        items.Add().Text("Details")
		.Selected(true)
		.LoadContentFrom("Details", "Home", Model);
    
    })
)

Current behavior

Setting the Select() API configuration will lead to the following Content Security Policy Header Report Error.

Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

Expected/desired behavior

Setting the Select() API configuration should not lead to a Content Security Policy Header Report Error.

Environment

Kendo UI version: 2024.2.514
Browser: [all]

0 comments

Create an account Log In

View

Type

Status