I wrote a server on node + express. Prepared the page for rendering, wrote scripts in JS using Jquery. But Jquery can’t load the page for some reason. This is a constant case, before I wrote the ToDo application on WebSockets and I had the same error. What is the problem and how to solve it? Help please. Error: Refused to load the script ‘https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js’ because it violates the following Content Security Policy directive: “script-src ‘self'”. Note that ‘script-src-elem’ was not explicitly set, so ‘script-src’ is used as a fallback.
I tried adding different meta tags from other sources, but it didn’t help.
Advertisement
Answer
This is one of the better error messages in that it’s fairly specific: You’ve set the Content Security Policy for the page to script-src: 'self'. The script-src policy controls what sources are valid sources for JavaScript, and self means that only sources that are the same origin as the document itself are valid.
You can fix this in one of three ways:
Modify the
Content-Security-Policyheader being returned with the page to not includescript-src: self, orModify the
Content-Security-Policyheader addinghttps://cdnjs.cloudflare.comas as valid source (the list is space-separated), like this:Content-Security-Policy: 'self' https://cdnjs.cloudflare.comor
Use a local copy of jQuery served from the same origin as the page