Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

Content Security Policy: Ignoring “'unsafe-inline'” within script-src: ‘strict-dynamic’ specified

  • 4 uphendule
  • 1 inale nkinga
  • 6318 views
  • Igcine ukuphendulwa ngu somename5733

more options

I have specified header

header("Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval';");

?> Why Firefox is still showing me this errors?

Ama-screenshot ananyekiwe

Isisombululo esikhethiwe

By any chance, do you have a Google Map embedded in that page? I ask because similar messages were mentioned in this thread:

https://www.reddit.com/r/firefox/comments/fpptyj/firefox_content_security_policy_console_output/

Funda le mpendulo ngokuhambisana nalesi sihloko 👍 1

All Replies (4)

more options

Do you have a script-src directive anywhere? If not, I wonder whether those messages could be coming from an add-on.

more options

Hello, thanks for your time! What do you mean by that? I have few <script src=...></script> in my document body. And inline js too.

And also I have <meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-inline'"> in the document's <head>

Why do I see this warnings anyway? I'd like to get rid of them.

more options

Isisombululo Esikhethiwe

By any chance, do you have a Google Map embedded in that page? I ask because similar messages were mentioned in this thread:

https://www.reddit.com/r/firefox/comments/fpptyj/firefox_content_security_policy_console_output/

more options

Yes! Google Maps iframe. Thanks!