Search Support

Content Security Policy: Ignoring “'unsafe-inline'” within script-src: ‘strict-dynamic’ specified

  • 4 uphendule
  • 1 inale nkinga
  • 77 views
  • Igcine ukuphendulwa ngu somename5733

more options

I have specified header

header("Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval';");

?> Why Firefox is still showing me this errors?

Ama-screenshot ananyekiwe

Isisombululo esikhethiwe

By any chance, do you have a Google Map embedded in that page? I ask because similar messages were mentioned in this thread:

https://www.reddit.com/r/firefox/comments/fpptyj/firefox_content_security_policy_console_output/

Funda le mpendulo ngokuhambisana nalesi sihloko 👍 1

All Replies (4)

more options

Do you have a script-src directive anywhere? If not, I wonder whether those messages could be coming from an add-on.

Helpful?

more options

Hello, thanks for your time! What do you mean by that? I have few <script src=...></script> in my document body. And inline js too.

And also I have <meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-inline'"> in the document's <head>

Why do I see this warnings anyway? I'd like to get rid of them.

Helpful?

more options

Isisombululo Esikhethiwe

By any chance, do you have a Google Map embedded in that page? I ask because similar messages were mentioned in this thread:

https://www.reddit.com/r/firefox/comments/fpptyj/firefox_content_security_policy_console_output/

Helpful?

more options

Yes! Google Maps iframe. Thanks!

Helpful?

Buza umbuzo

Kufanele ulogele ukungena ku-akhawunti yakho ukuze uphendule amaphosti. Uyacelwauqale umbuzo omusha, uma ungekabi nayo i-akhawunti namanje.