Create React App: Refused to execute inline script

After adding a strict Content Security Policy to your Single Page App, you may encounter the following error:

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' XXX". Either the 'unsafe-inline' keyword, a hash ('sha256-X='), or a nonce ('nonce-...') is required to enable inline execution.

By default, Create React App injects an inline script into the HTML file it outputs. To force it to bundle this script as a separate JS file, you’ll need to prefix you build command with:

INLINE_RUNTIME_CHUNK=false

See more details here: https://create-react-app.dev/docs/advanced-configuration/

Written by

Full-stack + Product. Available for hire either as an independent contractor, or as part of a voliyo.dev team. Inquiries: mail [at] voliyo.dev.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store