meter element causing CSP violations

Duplicate Issue #10050890 • See Issue #7153360

Details

Author
Sebastian M.
Created
Dec 3, 2016
Privacy
This issue is public.
Found in
  • Microsoft Edge
Duplicates
See progress on Bug #7153360
Found in build #
38.14393
Reports
Reported by 1 person

Sign in to watch or report this issue.

Steps to reproduce

The HTML5 meter element is causing CSP violations if inline-style is not a permitted source. My Apache server is configured to set the CSP header using:

Header always set Content-Security-Policy "default-src 'none’; script-src 'self’; connect-src 'self’; img-src 'self’; style-src ‘self’ https://fonts.googleapis.com; font-src ‘self’ https://fonts.gstatic.com"`

With this setting, the meter elements are not styled correctly and the console displays two CSP14312 warnings for each meter element.

The versions I use are Microsoft Edge 38.14393.0.0, Microsoft EdgeHTML 14.14393 under Windows 10 Pro Version 1607 Build 14393.447.

You can see the problem in action by visiting https://smares.de/

I am not sure if this is a duplicate of #7153360 which is marked as closed.

Attachments

1 attachment

Comments and activity

  • Microsoft Edge Team

    Changed Assigned To to “Brad E.”

    Changed Status to “Duplicate”

  • }This bug has marked as duplicate. Please follow the parent issue to get new updates.

You need to sign in to your Microsoft account to add a comment.

Sign in