4

I'm trying to load an external popup form created with a third-party tool. I keep getting this error about CSP violations. Thing is, I can load them correctly locally and they are only blocked when I deploy them on my provider's server. I don't know where these policies are coming from since I haven't defined anything in the .htaccess file (PHP web app with CodeIgniter). I checked all the relevant answers but nothing worked for me.

Refused to load the script because it violates the following Content Security Policy directive

because it violates the following Content Security Policy directive: "style-src 'self'"

I also tried several versions of `<meta http-equiv="Content-Security-Policy"` but again no luck.


panipsilos
  • did you try to read the answers to this question? https://stackoverflow.com/questions/31211359/refused-to-load-the-script-because-it-violates-the-following-content-security-po – AndrePliz Oct 02 '17 at 14:44
  • 1
    Yep, I read all similar answers on Stack Overflow. Nothing worked for me. As if the CSP rules are imposed/overridden by the server settings? Is this possible? I asked my provider but they couldn't help either – panipsilos Oct 02 '17 at 15:34
  • 1
    Is the document served with a Content-Security-Policy HTTP response header? If so, you can’t use a meta element in the document to set a policy that overrides the policy in that Content-Security-Policy header; instead to update the policy you must change the value of that header. You need for the policy to be `style-src 'self' https://assets.privy.com https://downloads.mailchimp.com 'unsafe-inline'` (though note that any time you’re putting 'unsafe-inline' into a CSP, you basically might as well not be specifying a CSP policy at all — because 'unsafe-inline' defeats the entire purpose of CSP…) – sideshowbarker Oct 02 '17 at 17:15
  • 1
    https://wiki.jenkins.io/display/JENKINS/Configuring+Content+Security+Policy – Francesco Borzi Jun 12 '20 at 11:17

1 Answer

-1

It needs to be fixed on the server side. Please update the policy on the server.
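
The comment thread above explains why the meta element did not help: a policy in the `Content-Security-Policy` response header and a policy in a meta element are both enforced, so a load must satisfy each of them. The following added sketch (not code from the question, the comments or the answer) models that rule with simplified source matching that ignores ports and paths; the page origin `https://example.com` and the stylesheet path `/widget.css` are constructed for illustration.

```python
from urllib.parse import urlsplit

def parse_policy(policy):
    """Split one CSP string into {directive: [source expressions]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:  # a repeated directive is ignored; the first one wins
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def source_matches(expr, url, page_origin):
    """Simplified match: 'self', *, scheme-sources and hosts (ports/paths ignored)."""
    u, expr = urlsplit(url), expr.lower()
    if expr == "'self'":
        return f"{u.scheme}://{u.hostname}" == page_origin
    if expr == "*":
        return u.scheme in ("http", "https")
    if expr.endswith(":"):
        return u.scheme == expr[:-1]
    scheme, sep, host = expr.rpartition("://")
    if sep and scheme != u.scheme:
        return False
    host = host.split("/")[0]
    if host.startswith("*."):
        return u.hostname.endswith(host[1:])
    return u.hostname == host  # keywords such as 'unsafe-inline' never match a URL

def policy_allows(policy, directive, url, page_origin):
    """True if a single policy permits loading url for the given directive."""
    d = parse_policy(policy)
    sources = d.get(directive, d.get("default-src"))  # fetch directives fall back
    if sources is None:
        return True  # this policy does not restrict the resource type
    return any(source_matches(s, url, page_origin) for s in sources)

def page_allows(policies, directive, url, page_origin):
    """Every delivered policy (header and meta) is enforced; all must allow the load."""
    return all(policy_allows(p, directive, url, page_origin) for p in policies)

PAGE = "https://example.com"                 # constructed page origin
CSS = "https://assets.privy.com/widget.css"  # constructed stylesheet path
HEADER = "style-src 'self'"                  # directive quoted in the error message
META = ("style-src 'self' https://assets.privy.com "
        "https://downloads.mailchimp.com 'unsafe-inline'")  # policy from the comment

if __name__ == "__main__":
    print("header only:     ", page_allows([HEADER], "style-src", CSS, PAGE))
    print("header plus meta:", page_allows([HEADER, META], "style-src", CSS, PAGE))
    print("updated header:  ", page_allows([META], "style-src", CSS, PAGE))
```

To see which policy the provider's server actually sends, inspect the response headers of the deployed page in the browser's network panel and pass that value in place of `HEADER`.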