vendor.bundle.js violates Content Security Policy directive trusted-types
When using Lighthouse on a website that enforces a Content Security Policy (CSP) that includes the trusted-type directive as follows:
content-security-policy: trusted-types; require-trusted-types-for 'script'
the following error is shown in Chrome’s console:
Refused to create a TrustedTypePolicy named 'dompurify' because it violates the following Content Security Policy directive: "trusted-types ".
W @ vendor.bundle.js:163
e @ vendor.bundle.js:163
(anonymous) @ vendor.bundle.js:163
31699 @ vendor.bundle.js:163
r @ content.bundle.js:62
17605 @ content.bundle.js:31
r @ content.bundle.js:62
48269 @ content.bundle.js:1
r @ content.bundle.js:62
(anonymous) @ content.bundle.js:62
r.O @ content.bundle.js:62
(anonymous) @ content.bundle.js:62
(anonymous) @ content.bundle.js:62
vendor.bundle.js:163 TrustedTypes policy dompurify could not be created.
W @ vendor.bundle.js:163
e @ vendor.bundle.js:163
(anonymous) @ vendor.bundle.js:163
31699 @ vendor.bundle.js:163
r @ content.bundle.js:62
17605 @ content.bundle.js:31
r @ content.bundle.js:62
48269 @ content.bundle.js:1
r @ content.bundle.js:62
(anonymous) @ content.bundle.js:62
r.O @ content.bundle.js:62
(anonymous) @ content.bundle.js:62
(anonymous) @ content.bundle.js:62
Issue Analytics
- State:
- Created 2 years ago
- Comments:12 (5 by maintainers)
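The refusal reported above follows from the empty allowlist in `trusted-types;`: with the directive present and no names listed, no policy name, including 'dompurify', may be created. The sketch below is an added example, not code from the issue or from any of the projects it mentions; it evaluates a single CSP header value against a policy name, and the function names `directiveTokens` and `policyCreationBlocked` are hypothetical.

```javascript
// Added example: evaluates the `trusted-types` directive of one CSP header value
// against a policy name, mirroring the CSP-side check applied to createPolicy().
// Function and variable names are illustrative, not from any library.

// Extract the token list of one directive from a CSP header value.
// Returns null when the directive is absent, [] when present but empty.
function directiveTokens(cspHeader, name) {
  for (const part of cspHeader.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === name) return tokens.slice(1);
  }
  return null;
}

// Decide whether trustedTypes.createPolicy(policyName) would be refused.
// `existing` lists policy names already created on the page.
function policyCreationBlocked(cspHeader, policyName, existing = []) {
  const tokens = directiveTokens(cspHeader, 'trusted-types');
  if (tokens === null) return false;            // directive absent: names are unrestricted
  if (tokens.length === 1 && tokens[0] === "'none'") return true;
  const listed = tokens.includes(policyName) || tokens.includes('*');
  if (!listed) return true;                     // an empty allowlist ends up here
  const duplicate = existing.includes(policyName);
  return duplicate && !tokens.includes("'allow-duplicates'");
}

// Constructed sample headers; the first is the one quoted in the issue.
const samples = [
  "trusted-types; require-trusted-types-for 'script'",
  "trusted-types dompurify; require-trusted-types-for 'script'",
  "trusted-types 'none'; require-trusted-types-for 'script'",
  "trusted-types *; require-trusted-types-for 'script'",
];
for (const csp of samples) {
  console.log(policyCreationBlocked(csp, 'dompurify') ? 'BLOCKED' : 'allowed', '<-', csp);
}
```

A page that sends several CSP headers is checked against each one independently, so this function would be called once per header value.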
Top GitHub Comments
@dylanb, I created issue https://github.com/dequelabs/axe-core/issues/3301
@paulirish in total contrast to a jerk, we thank you for all of the things you and your team have done to move axe-core forward - thanks and keep pushing us!!