Mar 02, 2017, 5:39 PM
[CLOSED] enabling Content-Security-Policy causes errors in loading scripts
I am gettying the following errors when chrome tries to load/evaluate the ext dynamic javascript files.
Refused to apply inline style because it violates the following Content Security Policy directive: "default-src https: http:". Either the 'unsafe-inline' keyword, a hash ('sha256-cUtUA2GBdi4dtncTW7Pr5W2p1T9OmZosgcgFNgCzPx0='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
init @ WebResource.axd?d=L0mxpAjwYlGvMJDaFVU-6ixI4xFFQOHpU_QE6HPajUhxndKhBxEIdqifio1RHHYttc2qUU mRGjss9QemY…:18
fireDocReady @ WebResource.axd?d=L0mxpAjwYlGvMJDaFVU-6ixI4xFFQOHpU_QE6HPajUhxndKhBxEIdqifio1RHHYttc2qUU mRGjss9QemY…:18
onReadyEvent @ WebResource.axd?d=L0mxpAjwYlGvMJDaFVU-6ixI4xFFQOHpU_QE6HPajUhxndKhBxEIdqifio1RHHYttc2qUU mRGjss9QemY…:18
Refused to apply inline style because it violates the following Content Security Policy directive: "default-src https: http:". Either the 'unsafe-inline' keyword, a hash ('sha256-fFRHI5PNmrz9bPtAXUqdfDkfYAkipB2P2SyE1YJJrZc='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
init @ WebResource.axd?d=L0mxpAjwYlGvMJDaFVU-6ixI4xFFQOHpU_QE6HPajUhxndKhBxEIdqifio1RHHYttc2qUU mRGjss9QemY…:18
fireDocReady @ WebResource.axd?d=L0mxpAjwYlGvMJDaFVU-6ixI4xFFQOHpU_QE6HPajUhxndKhBxEIdqifio1RHHYttc2qUU mRGjss9QemY…:18
onReadyEvent @ WebResource.axd?d=L0mxpAjwYlGvMJDaFVU-6ixI4xFFQOHpU_QE6HPajUhxndKhBxEIdqifio1RHHYttc2qUU mRGjss9QemY…:18
Do I need to able safe in-script in the CSP or do you know of any other way to get pass this issue?
Refused to apply inline style because it violates the following Content Security Policy directive: "default-src https: http:". Either the 'unsafe-inline' keyword, a hash ('sha256-cUtUA2GBdi4dtncTW7Pr5W2p1T9OmZosgcgFNgCzPx0='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
init @ WebResource.axd?d=L0mxpAjwYlGvMJDaFVU-6ixI4xFFQOHpU_QE6HPajUhxndKhBxEIdqifio1RHHYttc2qUU mRGjss9QemY…:18
fireDocReady @ WebResource.axd?d=L0mxpAjwYlGvMJDaFVU-6ixI4xFFQOHpU_QE6HPajUhxndKhBxEIdqifio1RHHYttc2qUU mRGjss9QemY…:18
onReadyEvent @ WebResource.axd?d=L0mxpAjwYlGvMJDaFVU-6ixI4xFFQOHpU_QE6HPajUhxndKhBxEIdqifio1RHHYttc2qUU mRGjss9QemY…:18
Refused to apply inline style because it violates the following Content Security Policy directive: "default-src https: http:". Either the 'unsafe-inline' keyword, a hash ('sha256-fFRHI5PNmrz9bPtAXUqdfDkfYAkipB2P2SyE1YJJrZc='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
init @ WebResource.axd?d=L0mxpAjwYlGvMJDaFVU-6ixI4xFFQOHpU_QE6HPajUhxndKhBxEIdqifio1RHHYttc2qUU mRGjss9QemY…:18
fireDocReady @ WebResource.axd?d=L0mxpAjwYlGvMJDaFVU-6ixI4xFFQOHpU_QE6HPajUhxndKhBxEIdqifio1RHHYttc2qUU mRGjss9QemY…:18
onReadyEvent @ WebResource.axd?d=L0mxpAjwYlGvMJDaFVU-6ixI4xFFQOHpU_QE6HPajUhxndKhBxEIdqifio1RHHYttc2qUU mRGjss9QemY…:18
Do I need to able safe in-script in the CSP or do you know of any other way to get pass this issue?
Last edited by fabricio.murta; Apr 21, 2017 at 5:22 PM.
Reason: no user feedback for 7+ days