Problem with Content Security Policy on Sidekiq WEB

[durcak]

Gem version: 3.0.3
sidekiq version: 7.2.1
rails version: 7.1.3

Hi, I have a problem on sidekiq statuses page with not working statuses and per page filters and browser throws console errors:

Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.

Refused to execute a script for an inline event handler because 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.

All works fine in past years, I do not know if its stop working after rails update or other gems updates or new browsers CSP rescrictions.

Thanks for help.

[grdmnt]

Might be due to sidekiq 7.2.0's update re: unsafe-inline scripts.

sidekiq/sidekiq#6074

[grdmnt]

I took a look at the code related to this. There's a script tag inside statuses.erb that we need to remove and move to its own file. However, attempting to do this, I'm not entirely sure how we can add additional javascript files into Sidekiq's static routes.