I am using a JS plugin that adds SVG images inside itself. I have added a CSP policy to my website, but I can’t configure it to allow the plugin’s code. Its code looks like: I am looking for a configuration that allows the SVG image that is rendered in the object. I have tried different options from there – CSP: object-src. But
Tag: content-security-policy
Whitelisting inline script with csp sha-256 in firefox
I cannot get whitelisting by checksum to work in Firefox (52.0.2, Windows). Firefox supports Content Security Policy version 2 according to caniuse, so checksumming should be supported. When Chrome blocks an inline script, it prints the needed sha-256 to the console. Adding it to the CSP rules successfully whitelists the script. The checksum is also identical to the one calculated
Content Security Policy not allowing form submission
Please I need assistance here. I have a form to submit to another url but when I try to submit it, it refuses to submit and I was checking my console. On Chrome, I see the following errors resources2.aspx?HCCID=75694719&culture=en-US&mlcv=3006&template=5:7 Refused to load the image 'https://s4.mylivechat.com/livechat2/images/sprite.png' because it violates the following Content Security Policy directive: "img-src 'self' data:". Refused to send
Refused to load the script because it violates the following Content Security Policy directive
When I tried to deploy my app onto devices with Android system above 5.0.0 (Lollipop), I kept getting these kinds of error messages: 07-03 18:39:21.621: D/SystemWebChromeClient(9132): file:///android_asset/www/index.html: Line 0 : Refused to load the script 'http://xxxxx' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline'". 07-03 18:39:21.621: I/chromium(9132): [INFO:CONSOLE(0)] "Refused to load the script 'http://xxx' because