Content Security Policy error - violating directive: script-src 'self'
I have been trying to use a Google programmable search engine script, but I am having trouble with the content security policy.
The tag I have included in my <head> is as follows:
<meta http-equiv="Content-Security-Policy" content="script-src *.google.com 'self';">
I am getting an error telling me it refused to load the script because it violates the "content-security-policy directive: "script-src 'self'""
I am wondering whether it inherits some sort of settings from somewhere else, as it doesn't accept the new script-src I am setting, but it does accept the new script-src if I set it to 'none'.
Looks like you have 2 Content-Security-Policy issued. If multiple CSPs the strictest rules from both will apply (all sources/tokens should pass via both CSPs unscratched).
Content Security Policy could be delivered 2 ways:
- via HTTP header
Content-Security-Policy:(prefereed) - via meta-tag (restricted possibilities)
So you need to check for double <meta http-equiv="Content-Security-Policy" in the HTML code.
And check the HTTP response headers(because CMS could publush CSP by default) in the browser developers tool (Crtl+Shift+i in Chrome and Crtl+Shift+k in Fifrefox -> Network tab -> select main page at the left window and look Response headers):
- How do I add a default text to the beginning of an html text area?
- ES2015 import doesn't work (even at top-level) in Firefox
- Can I force a page break in HTML printing?
- Why HTML <button type="submit" >doesn't work with internet explorer?
- CSS Is Not Importing into HTML
- Set the default value of an input field
- How to force background image to stretch/compress to fit div, without keeping aspect ratio
- How to render raw html in the PyHTML library
- HTML CSS Layout breaks with parent of floated elements
- How does the "position: sticky;" property work?
- Content Security Policy error - violating directive: script-src 'self'
- Navigation arrows are not showing
- Fixing Border Radius in Safari?
- How to show the date picker if I click the parent div after explictly hiding the date type input in React?
- Array of data showing in console but not in HTML after passing it through dialog in Angular project
- Puppeteer.page.waitForSelector timeouts, even though the element is present
- How can I allow document.domain on a sandboxed iframe?
- problems with my button background color and hover and active states
- Ignore html tags in preg_replace
- Append element as sibling after element?
- React.js: Set innerHTML vs dangerouslySetInnerHTML
- How do I auto scroll in Angular?
- Button click not showing/hiding content
- Will browser pull from cache if the same resource is being requested by a different origin?
- filter file upload for only text files
- Correct XPath query to fetch div inner text
- How to select(highlight) and copy ordered list numbers
- Why javascript is not loading for document.readyState==="complete"
- Set the background color of the entire webpage (the browser's window)
- HTML/CSS Flip Card Works on Desktop but not Mobile