Note: This impact is only related to Modern Forms, List Actions and Automation Actions
Table of contents
Content Security Policy
Content Security Policy (CSP) is a security feature that helps prevent against various attack vectors, including cross-site scripting (XSS), clickjacking, and other code injection attacks. CSP enables a site to control which resources a page is allowed to load.
When the browser detects a CSP violation, it logs it to the console:
Generate Word document action
Due to CSP, Generate Word document action in Modern Forms/List Actions/Automation Actions may suddenly stop generating documents. To resolve this issue, follow one of next options:
Option 1 - Update Solution Studio add-in (recommended)
- Update Solution Studio modern add-in to version 1.3.112 or later
- If you are using deployment
- Create a new package
- Update a deployment
Option 2 - Add Trusted Script Sources
-
Manually add the following entry into Trusted script sources in SharePoint admin center by this URL: https://yourtenant-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/contentSecurityPolicy
https://cdn-prod-sbsolution-classicaddins.skybow.com
External script references
Due to CSP, External script usage in Modern Forms/List Actions/Automation Actions may stop loading scripts. To resolve this issue, follow one of next options:
- If you are using /// <reference path="path-to-js-file" />, you need to update Solution Studio modern add-in to version 1.3.112 or later
Note: If you are using external URL (For example: https://cdn.jsdelivr.net/npm/signature_pad@2.3.2/dist/signature_pad.min.js) you need to add this URL into Trusted Script Sources in SharePoint admin center by this URL: https://yourtenant-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/contentSecurityPolicy
- Do not use 'LoadSodKey'. This method adds script inline and will be blocked by CSP. Instead, use script reference in the following format /// <reference path="path-to-js-file" />