Windows 10 reached EOS (end of support) on October 14, 2025. If you are on Windows 10, see this article.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More
Cuireadh an snáithe seo sa chartlann. Cuir ceist nua má tá cabhair uait.
Solved Cartlannaithe

inaccurate content security policy

jscher2000 -... replied
CaptSpify

I believe that Firefox is inaccurately blocking a resource, however it's likely that I'm just mis-understanding how it should be set up.

I see that there is this open bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1242016 that would likely have helped me.

The issue:

It looks to me that my Content Security Policy header settings here are correct: https://thekyel.com/

Yet I get the message: "Content Security Policy: The page’s settings blocked the loading of a resource at http://thekyel.com/basic.css (“style-src https://thekyel.com https://thekyel.com”). (unknown)"

I do realize that it's more likely that my headers are indeed incorrect, but without better logging, I know of no other way to diagnose the issue.

Let me know if I am mistaken, or where I can investigate more

(I have disabled all addons)

I believe that Firefox is inaccurately blocking a resource, however it's likely that I'm just mis-understanding how it should be set up. I see that there is this open bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1242016 that would likely have helped me. The issue: It looks to me that my Content Security Policy header settings here are correct: https://thekyel.com/ Yet I get the message: "Content Security Policy: The page’s settings blocked the loading of a resource at http://thekyel.com/basic.css (“style-src https://thekyel.com https://thekyel.com”). (unknown)" I do realize that it's more likely that my headers are indeed incorrect, but without better logging, I know of no other way to diagnose the issue. Let me know if I am mistaken, or where I can investigate more (I have disabled all addons)

All Replies (3)

Réiteach Roghnaithe

Try editing the protocol on the src href attribute here since your CSP requires HTTPS:

<link rel="stylesheet" type="text/css" href="http://thekyel.com/basic.css">

Athraithe ag jscher2000 - Support Volunteer ar

Ah, derp. Thank you very much.

Is there any other resource that I can use to help me troubleshoot something like that other than looking for typos?

CaptSpify said

Is there any other resource that I can use to help me troubleshoot something like that other than looking for typos?

Hmm, better error messages in the console??

I always check for a mismatch for host names with and without www as that's a common issue with cross-site and CSP errors. Noticing the protocol was just luck, really.

One way to minimize protocol discrepancies is to change your href and src values to "//hostname/path" so the browser uses the current page's protocol for those URIs.

Athraithe ag jscher2000 - Support Volunteer ar