Content Security Policy: Ignoring “'unsafe-inline'” within script-src: ‘strict-dynamic’ specified
I have specified header
header("Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval';");
?> Why Firefox is still showing me this errors?
Gekozen oplossing
By any chance, do you have a Google Map embedded in that page? I ask because similar messages were mentioned in this thread:
https://www.reddit.com/r/firefox/comments/fpptyj/firefox_content_security_policy_console_output/
Dit antwoord in context lezen 👍 1Alle antwoorden (4)
Do you have a script-src directive anywhere? If not, I wonder whether those messages could be coming from an add-on.
Hello, thanks for your time! What do you mean by that? I have few <script src=...></script> in my document body. And inline js too.
And also I have <meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-inline'"> in the document's <head>
Why do I see this warnings anyway? I'd like to get rid of them.
Gekozen oplossing
By any chance, do you have a Google Map embedded in that page? I ask because similar messages were mentioned in this thread:
https://www.reddit.com/r/firefox/comments/fpptyj/firefox_content_security_policy_console_output/
Yes! Google Maps iframe. Thanks!