Hilfe durchsuchen

Content Security Policy: Ignoring “'unsafe-inline'” within script-src: ‘strict-dynamic’ specified

  • 4 Antworten
  • 1 hat dieses Problem
  • 134 Aufrufe
  • Letzte Antwort von somename5733

more options

I have specified header

header("Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval';");

?> Why Firefox is still showing me this errors?

Angefügte Screenshots

Ausgewählte Lösung

By any chance, do you have a Google Map embedded in that page? I ask because similar messages were mentioned in this thread:

https://www.reddit.com/r/firefox/comments/fpptyj/firefox_content_security_policy_console_output/

Diese Antwort im Kontext lesen 👍 1

Alle Antworten (4)

more options

Do you have a script-src directive anywhere? If not, I wonder whether those messages could be coming from an add-on.

Hilfreich?

more options

Hello, thanks for your time! What do you mean by that? I have few <script src=...></script> in my document body. And inline js too.

And also I have <meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-inline'"> in the document's <head>

Why do I see this warnings anyway? I'd like to get rid of them.

Hilfreich?

more options

Ausgewählte Lösung

By any chance, do you have a Google Map embedded in that page? I ask because similar messages were mentioned in this thread:

https://www.reddit.com/r/firefox/comments/fpptyj/firefox_content_security_policy_console_output/

Hilfreich?

more options

Yes! Google Maps iframe. Thanks!

Hilfreich?

Stellen Sie eine Frage

Sie müssen sich mit Ihrem Benutzerkonto anmelden, um auf Beiträge zu antworten. Bitte stellen Sie eine neue Frage, wenn Sie noch kein Benutzerkonto haben.