Cannot load jQuery because it violates Content Security Policy [closed]

Tags: , , ,



I wrote a server on node + express. Prepared the page for rendering, wrote scripts in JS using Jquery. But Jquery can’t load the page for some reason. This is a constant case, before I wrote the ToDo application on WebSockets and I had the same error. What is the problem and how to solve it? Help please.
Error:
Refused to load the script ‘https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js’ because it violates the following Content Security Policy directive: “script-src ‘self'”. Note that ‘script-src-elem’ was not explicitly set, so ‘script-src’ is used as a fallback.

I tried adding different meta tags from other sources, but it didn’t help.

Answer

This is one of the better error messages in that it’s fairly specific: You’ve set the Content Security Policy for the page to script-src: 'self'. The script-src policy controls what sources are valid sources for JavaScript, and self means that only sources that are the same origin as the document itself are valid.

You can fix this in one of three ways:

  1. Modify the Content-Security-Policy header being returned with the page to not include script-src: self, or

  2. Modify the Content-Security-Policy header adding https://cdnjs.cloudflare.com as as valid source (the list is space-separated), like this:

    Content-Security-Policy: 'self' https://cdnjs.cloudflare.com

    or

  3. Use a local copy of jQuery served from the same origin as the page



Source: stackoverflow