Content Security Policy blocks inline execution of scripts and stylesheets
The Content Security Policy (CSP) prevents cross-site scripting attacks by blocking inline execution of scripts and style sheets.
To solve this, move all inline scripts (e.g. onclick=[JS code]) and styles into external files.
Allowing inline execution comes at the risk of script injection via injection of HTML script elements. If you absolutely must, you can allow inline script and styles by:
adding unsafe-inline as a source to the CSP header
adding the hash or nonce of the inline script to your CSP header.
2 directives
1.
Directive
Element
Source location
Status
script-src-elem
agents:187
blocked
script-src-elem
agents:187
report-only
Learn more: Content Security Policy - Inline Code
Content Security Policy of your site blocks the use of 'eval' in JavaScript`
The Content Security Policy (CSP) prevents the evaluation of arbitrary strings as JavaScript to make it more difficult for an attacker to inject unathorized code on your site.
To solve this issue, avoid using eval(), new Function(), setTimeout([string], ...) and setInterval([string], ...) for evaluating strings.
If you absolutely must: you can enable string evaluation by adding unsafe-eval as an allowed source in a script-src directive.
Allowing string evaluation comes at the risk of inline script injection.
After I deleted the fleet server policy and uninstalled the corresponding agent, I reinstalled the agent and could see the agent in the fleet agent overview. Then I edited the policy and added an auditd integration, which made the agent disappear from the overview.
This is the problem, there is a current issue in Kibana related to version-specific agent policies, if an Agent Policy has an integration that will lead to the creation of version-specific policies, this may have some impact in some places.
The Auditd integration is one of the integrations that will lead to the creation of version-specific policies.
Until this is fixed in Kibana you need to remove the Auditd integration for things work well.
This is a known Kibana UI bug. If your Fleet Server is online via the API, it's working correctly. The CSP warnings are likely unrelated. If your agent policy includes the Auditd integration, try removing it—it's known to trigger this issue with version-specific policies. The agent should reappear until Elastic releases a fix.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.