Unrecognized Content-Security-Policy directive 'require-trusted-types-for'
See original GitHub issueDescribe the bug
The directive 'require-trusted-types-for'
is legit, but it says unrecognized CSP directive.
To Reproduce Steps to reproduce the behavior:
- Go to web.dev
- Test https://aashutosh.dev
- In report click on best practices.
- It shows this error.
Expected behavior
I think no browser error should log (due to 'require-trusted-types-for'
) while web.dev is visiting the site for report generation.
Screenshots
PS: Please correct me if I misinterpreted something completely.
Issue Analytics
- State:
- Created 3 years ago
- Comments:5 (3 by maintainers)
Top Results From Across the Web
CSP: require-trusted-types-for - HTTP - MDN Web Docs
The HTTP Content-Security-Policy (CSP) require-trusted-types-for directive instructs user agents to control the data passed to DOM XSS sink ...
Read more >Unrecognized Content-Security-Policy directive 'require ...
The directive 'require-trusted-types-for' is legit, but it says unrecognized CSP directive. To Reproduce Steps to reproduce the behavior: Go to ...
Read more >Unrecognized Content-Security-Policy directive - Stack Overflow
Got a similar error on Chrome v 48.0.2564.116 m "Unrecognized Content-Security-Policy directive 'frame-ancestors'.
Read more >Unrecognized Content-Security-Policy directive how to fix ...
If the Unrecognized Content-Security-Policy directive error is caused by the deprecated directive, this directive must be removed from the Content Security ...
Read more >QWebEngine: Unrecognized Content-Security-Policy directive ...
the WebEngine logs a Unrecognized Content-Security-Policy directive 'require-trusted-types-for' error message and the web site rejects the login. This can be ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
The article indicates they’re supported in Chrome 83. Stable is still 81. It’s very possible chrome stable emits this browser error into the console. (Not ideal, but that’s how it goes sometimes… forward compat is hard.)
This isn’t a Lighthouse error, though. We’re just reporting that Chrome’s console has errors in it.
If the console logged it, this is coming from Chromium. I suggest making an issue on crbug.com if this doesn’t align with your expectations.
looks like it’s an experimental feature in chrome. https://caniuse.com/#feat=mdn-http_headers_csp_content-security-policy_trusted-types and we don’t enable experiments in the env. that powers web.dev