Safari 10 throws Content-Security-Policy violations

Question

Safari 10 throws a CSP-style-src-Violation in spite of calling a weg page with no style attributes inside. The violation-message is:

Refused to apply a stylesheet because its hash, its nonce, or 'unsafe-inline' does not appear in the style-src directive of the Content Security Policy.

Test web page is: CSP test page

The only addon installed is Adblock-Plus. After removing the addon, the violation is not shown anymore. The rendered html source shows no style-attribute at all, with adblock or without.

Is there a way how to filter out these false violation messages? They are misleading.

is there a way to disable CSP check in safari? – iLeoDo Apr 29 '18 at 20:56 — iLeoDo, Apr 29 '18 at 20:56

score 0 · Answer 1 · answered Oct 27 '16 at 18:34

0

I have also faced the same issue.looks like if you mention the style directive its expecting style-src 'self' 'unsafe-inline'; hope it helps.

answered Oct 27 '16 at 18:34

Mobile User

23
2

is there a way to disable CSP check in safari? – iLeoDo Apr 29 '18 at 20:55

Safari 10 throws Content-Security-Policy violations

1 Answers1