0

I am getting the following errors in Chrome. There are some similar posts describing this issue, but I could not fix it in my application:

Refused to load the script 'https://maps.google.com/maps/api/js?v=3' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google.com/jsapi https://ajax.googleapis.com https://ssl.google-analytics.com".

Refused to load the script 'https://vjs.zencdn.net/4.5/video.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google.com/jsapi https://ajax.googleapis.com https://ssl.google-analytics.com".

Refused to load the script 'https://ws.sharethis.com/api/getCount2.php?cb=stButtons.processCB&refDomain' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google.com/jsapi https://ajax.googleapis.com https://ssl.google-analytics.com".

I don't have any specific meta for the page. I have also linked all my javascript libraries in the main html as you see below.

    <script type="text/javascript" src="js/three.min.js"></script>
    <script type="text/javascript" src="js/Projector.js"></script>      
    <script type="text/javascript" src="js/ColladaLoader.js"></script>
    <script type="text/javascript" src="js/Detector.js"></script>
    <script type="text/javascript" src="js/OrbitControls.js"></script>
    <script type="text/javascript" src="js/tween.min.js"></script>
    <script type="text/javascript" src="js/stats.min.js"></script>
    <script type="text/javascript" src="js/jquery-1.11.2.min.js"></script>
    <script type='text/javascript' src='js/dat.gui.min.js'></script>
    <link rel="stylesheet" href="css/demo.css" type="text/css">
    <link rel="stylesheet" href="css/zTreeStyle/zTreeStyle.css" type="text/css">
    <script type="text/javascript" src="js/jquery.ztree.core-3.5.js"></script>
    <script type="text/javascript" src="js/jquery.ztree.excheck-3.5.js"></script>
    <link type="text/css" rel="stylesheet" href="css/style.css" />  
    <script src="https://maps.google.com/maps/api/js?v=3"></script>
    <link type="text/css" rel="stylesheet" href="css/jquery-ui.css">
    <script src="js/jquery-ui.js"></script>
    <script type="text/javascript">var switchTo5x=true;</script>
    <script type="text/javascript" src="js/buttons.js"></script>
    <script type="text/javascript">stLight.options({publisher: "0aab9c2b-5a08-4c08-bfeb-6fdc7756ab6d", doNotHash: false, doNotCopy: false, hashAddressBar: false});</script>
    <link href="https://vjs.zencdn.net/4.5/video-js.css" rel="stylesheet">
    <script src="https://vjs.zencdn.net/4.5/video.js"></script>
    <style type="text/css">.vjs-default-skin .vjs-control-bar { font-size: 89% }</style>
    <script type="text/javascript">$(document).ready(function(){$.fn.zTree.init($("#treeDemo"), setting, zNodes);});</script>
....
Vineesh
  • 3,762
  • 20
  • 37
mbehnaam
  • 401
  • 10
  • 24
  • 1
    Are you developing a chrome app or a website? – Thusitha Sep 26 '17 at 04:58
  • It is a website. – mbehnaam Sep 26 '17 at 05:15
  • In the Chrome developer tools, check for headers from the server like `Content-Security-Policy: script-src 'self' example.com;`. If you see one, it means your server is instructing the browser to only load scripts from the your site. This is normally a security feature when configured properly. See [this question](https://stackoverflow.com/questions/30280370/how-does-content-security-policy-work). – Cy Rossignol Sep 26 '17 at 05:21
  • Thanks. I fixed that by allowing the server to read from those sources. – mbehnaam Oct 15 '17 at 23:30

0 Answers0