These rules are called a Content Security Policy (CSP). They help stop malicious code from running on your pages.
Who this may affect
- Modern Script Editor (MSE) – Pages that use this web part may be affected if they run scripts directly on the page (inline scripts). Last year we provided an updated MSE and a central script repository that is built for this.
- React Content Query Directory web part – This is often used on document directory pages such as iWorkplace™ Controlled Documents and Working Here.
What you might notice
These site pages often include a web part which has included a script within the handlebar and javascript functionality to support the + expand/collapse (accordion). You may notice that this accordion functionality has stopped working.
What to do
- Avoid inline scripts where possible.
- Move scripts into a secure, central script repository.
- If a page feature has stopped working, contact us and we will help you update it.
Optional: delay enforcement (90 days)
There is an option to delay enforcement until 1st June using PowerShell if required. This should be a temporary option while updates are made.
Learn more
Microsoft guidance: https://techcommunity.microsoft.com/blog/spblog/sharepoint-online-content-security-policy-csp-enforcement-dates-and-guidance/4472662
.svg)
