Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Content security policy violation

See original GitHub issue

This line requires inline script execution in production mode and shows error in the browser console. The error can be silenced by enabling ‘unsafe-inline’ to script-src in content security policy but this will make the whole application unsafe.

Issue Analytics

State:
Created 7 years ago
Comments:11

Top GitHub Comments

1reaction

musaffacommented, Nov 28, 2016

@JoshSmith Not yet.

1reaction

musaffacommented, Nov 3, 2016

Nonce and SHA hash are ways to do this job. But their implementations can be a bit difficult.

My custom implementation is way simpler and does the job that I need. I will need to see if the code can be extracted for the addon.

Top Results From Across the Web

Content Security Policy (CSP) - HTTP - MDN Web Docs

Chrome Edge Content‑Security‑Policy Full support. Chrome25. more. Toggle history Full sup... base‑uri Full support. Chrome40. Toggle history Full sup... block‑all‑mixed‑content. Deprecated Full support. ChromeYes. Toggle history...

How to fix 'because it violates the following content security ...

'because it violates the following content security policy directive' is a browser error message that occurs when Content Security Policy is blocking a ......

Content security policy - web.dev

Content Security Policy can significantly reduce the risk and impact of ... Report policy violations to your server before enforcing them.

Content Security Policy Level 3 - W3C

This document defines Content Security Policy (CSP), a tool which developers can use to lock down their applications in various ways, mitigating ...

Content-Security-Policy Header CSP Reference & Examples

The new Content-Security-Policy HTTP response header helps you reduce XSS risks on modern browsers by declaring which dynamic resources are allowed to load....