Skip to Content
0
Jul 28, 2019 at 06:07 PM

How to fix Fiori Launchpad display error “Refused to execute inline script …”

457 Views

Hi Experts,

I have a problem with the generated Fiori Launchpad.

I created a new "SAP Fiori Launchpad Site Module" inside of an "Multi Target Application" project from the WebIde on "SAP HANA© XS Advanced Runtime on premise" (docker image store/saplabs/hanaexpressxsa:2.00.036.00.20190223.1) but I get this error after I deploy the application and try to access using Chrome(Version 75.0.3770.142) or Firefox(68.0.1 (64-bit)browser:

Refused to execute inline script because it violates the following Content Security Policy directive (see full error bellow)

Steps to reproduce the issue:

  1. Create a new "Multi-Target Application Project" in the WebIde
  2. Add a new "SAP Fiori Launchpad Site Module" to the application
  3. Build the application
  4. Deploy the application on SAP HanaXSA instance

Try to access the Fiori Launchpad
I expected the Demo Fiori Site to be displayed, but instead an empty page is displayed and in the browser console the following errors are displayed:

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://hxehost:51036 https://sapui5.hana.ondemand.com". Either the 'unsafe-inline' keyword, a hash ('sha256-NgEjsBnwasEV3qUuFB3e//lUSMnxA7QXX71JM5aiVDU='), or a nonce ('nonce-...') is required to enable inline execution. 

sites:11 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://hxehost:51036 https://sapui5.hana.ondemand.com". Either the 'unsafe-inline' keyword, a hash ('sha256-4HLEOQTTt5/QjdzyAx+0u3MGo5aetBm29vv3z8YAFuE='), or a nonce ('nonce-...') is required to enable inline execution. 

sites:108 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://hxehost:51036 https://sapui5.hana.ondemand.com". Either the 'unsafe-inline' keyword, a hash ('sha256-weH3XITqj/IJEeUfXbDsdCe+LEtDyDiafcdwfH3Aumw='), or a nonce ('nonce-...') is required to enable inline execution.

Is there any work around for this?