X
Tap here to go to the mobile version of the site.
Scheduled maintenance: Thursday, April 2, between 3pm and 5pm UTC. This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn’t solve your issue and you want to ask a question, we have our support community waiting to help you at @firefox on Twitter

Fóram Tacaíochta

Content Security Policy: Ignoring “'unsafe-inline'” within script-src: ‘strict-dynamic’ specified

Postáilte

I have specified header

header("Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval';");

?> Why Firefox is still showing me this errors?

I have specified header <?php header("Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval';"); ?> Why Firefox is still showing me this errors?
Attached screenshots

Réiteach roghnaithe

By any chance, do you have a Google Map embedded in that page? I ask because similar messages were mentioned in this thread:

https://www.reddit.com/r/firefox/comments/fpptyj/firefox_content_security_policy_console_output/

Read this answer in context 1
Luaigh

Tuilleadh mionsonraí faoin chóras

Feidhmchlár

  • User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0

Tuilleadh Eolais

jscher2000
  • Top 10 Contributor
8952 réiteach 73370 freagra

Do you have a script-src directive anywhere? If not, I wonder whether those messages could be coming from an add-on.

Do you have a '''script-src''' directive anywhere? If not, I wonder whether those messages could be coming from an add-on.
An bhfuil an freagra seo cabhrach?
Luaigh

Úinéir na ceiste

Hello, thanks for your time! What do you mean by that? I have few <script src=...></script> in my document body. And inline js too.

And also I have <meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-inline'"> in the document's <head>

Why do I see this warnings anyway? I'd like to get rid of them.

Hello, thanks for your time! What do you mean by that? I have few <script src=...></script> in my document body. And inline js too. And also I have <meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-inline'"> in the document's <head> Why do I see this warnings anyway? I'd like to get rid of them.
An bhfuil an freagra seo cabhrach?
Luaigh
jscher2000
  • Top 10 Contributor
8952 réiteach 73370 freagra

Réiteach Roghnaithe

By any chance, do you have a Google Map embedded in that page? I ask because similar messages were mentioned in this thread:

https://www.reddit.com/r/firefox/comments/fpptyj/firefox_content_security_policy_console_output/

By any chance, do you have a Google Map embedded in that page? I ask because similar messages were mentioned in this thread: https://www.reddit.com/r/firefox/comments/fpptyj/firefox_content_security_policy_console_output/
An bhfuil an freagra seo cabhrach? 1
Luaigh

Úinéir na ceiste

Yes! Google Maps iframe. Thanks!

Yes! Google Maps iframe. Thanks!
An bhfuil an freagra seo cabhrach?
Luaigh
Cuir ceist

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.