Content Security Policy for DHTMLX 7.1.2

Applying inline style violates the following Content Security Policy directive 'style-src 'self' *.walkme.com'. Either the 'unsafe-inline' keyword, a hash ('sha256-leQHcxw9u83S0Pw2HIZwHik0+L3X8Pa1uudbMn1RYXM='), or a nonce ('nonce-…') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present. The policy is report-only, so the violation has been logged but no further action has been taken.

Hello @Pravin_Gorad,

Thanks for reaching out!

DHTMLX Gantt relies on inline styles to position and size tasks, scales, and other elements at runtime (e.g., pixel-precise left, width, height values computed from your data and configuration). This is fundamental to how the component renders and cannot be replaced with static CSS classes.

Currently, there is no built-in solution for using Gantt in environments where inline styles are restricted by CSP. We have a feature request logged to address this in the future.

Since your policy is currently in report-only mode, Gantt should still render correctly. However, if you enforce the policy, the layout will break. How to handle this limitation on your end is up to your team to decide based on your security requirements.

Best regards,
Valeria Ivashkevich
DHTMLX Support Engineer
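
An added example, not part of the original thread and not DHTMLX code: a small evaluator for the rules the console message states, run against the policy from that message and a few constructed variants. It assumes the blocked style is a `style` attribute; the function names and every variant policy are illustrative, and only `PAGE_POLICY` and `PAGE_HASH` come from the message above.

```javascript
// CSP Level 3 fallback chain for inline style attributes.
const FALLBACK = ['style-src-attr', 'style-src', 'default-src'];
const HASH_OR_NONCE = /^'(nonce|sha256|sha384|sha512)-[^']+'$/i;

function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored; only the first occurrence counts.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// attrHash (optional): the sha256-... token the browser prints in the
// violation message for the blocked style.
function checkStyleAttribute(header, attrHash) {
  const directives = parsePolicy(header);
  const directive = FALLBACK.find((d) => directives.has(d));
  if (!directive) return { directive: null, allowed: true, via: 'no directive' };
  const sources = directives.get(directive);
  const keywords = sources.map((s) => s.toLowerCase());
  // 'unsafe-inline' is ignored once any nonce or hash source is listed.
  const strict = sources.some((s) => HASH_OR_NONCE.test(s));
  if (keywords.includes("'unsafe-inline'") && !strict) {
    return { directive, allowed: true, via: "'unsafe-inline'" };
  }
  // Hashes cover style attributes only together with 'unsafe-hashes'.
  if (attrHash && keywords.includes("'unsafe-hashes'") &&
      sources.includes(`'${attrHash}'`)) {
    return { directive, allowed: true, via: 'hash' };
  }
  return { directive, allowed: false, via: 'blocked' };
}

// Policy and hash as quoted in the console message.
const PAGE_POLICY = "style-src 'self' *.walkme.com";
const PAGE_HASH = 'sha256-leQHcxw9u83S0Pw2HIZwHik0+L3X8Pa1uudbMn1RYXM=';
// Constructed variants of that policy, for comparison only.
const HASH_ONLY = `${PAGE_POLICY} '${PAGE_HASH}'`;
const HASH_UNSAFE_HASHES = `${HASH_ONLY} 'unsafe-hashes'`;
const ATTR_SCOPED = `${PAGE_POLICY}; style-src-attr 'unsafe-inline'`;

for (const p of [PAGE_POLICY, HASH_ONLY, HASH_UNSAFE_HASHES, ATTR_SCOPED]) {
  console.log(p, '=>', checkStyleAttribute(p, PAGE_HASH));
}
```

In the `ATTR_SCOPED` variant, `style-src` still governs `<style>` elements and stylesheets, because `style-src-attr` applies only to `style` attributes. A listed hash matches one exact attribute value, so it does not cover values computed at runtime.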