we are working to fix the issue with Kendo-CSP for ASP.Net MVC with jQuery Kendo UI. In our application currently, we are using Kendo grids, dropdowns, and popups. Initially, we implemented the below changes for CSP.
- Update to jQuery 3.6.4
- Generated the Dynamic nonce numbers and applied nonce for inline scripts
- Ajax calls replaces with Jquery get/post methods.
- Removed all styles and replaced them with bootstrap classes.
- Onclik and Onchanges events replace with javascript addevent-listeners.
- Added the Unsafe prefix in the configuration (waiting for the Kendo 2023 R1 version)
Recently we got a new version of Telerik R1 2023, Replaced the below files for Upgrade.
- Kendo.mvc.dll
- kendo.aspnetmvc.js
- kendo.all.min.js
we tried with new changes of kendo, without Unsafe prefix but it's throwing dynamic script errors, kendo-controles not working. Our assumption is there are dynamic inline script Generations for Kendo controls which not contains nonce which may cause an issue. We also tried with Deferred-Script but no use. we are facing console issues related to Style and Scripts. Help me out. Thanks.