0

I am new to Play Framework and i was attempting to put the jquery CDN to my play application. Every time I put any kind of CDN into my view files (scala.html extension) i keep getting a CSP error saying: 

Refused to load the script 
'https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js' because 
it violates the following Content Security Policy directive: "default-src 
'self'". Note that 'script-src' was not explicitly set, so 'default-src' is 
used as a fallback.

I referred How does Content Security Policy work? and added the meta tag elements accordingly and also referred the http://content-security-policy.com/
but still could not get it to work.

I would really appriciate if anyone could help me out. Thankyou in advance!

Suleka_28
  • 2,761
  • 4
  • 27
  • 43

2 Answers2

1

I think the problem is in the application.conf file, where you don't have setup correctly the parameter play.filters.headers.contentSecurityPolicy.

For reference see this page

Luca T.
  • 1,641
  • 1
  • 14
  • 18
  • You are correct, that was the problem. I figured it out a little late, it was stupid of me to not check the application.config file first. – Suleka_28 Jan 07 '18 at 06:38
0

Luca T.'s answer was correct. I am putting this to give a more detailed answer in case if anyone else stumbles upon the same problem.

To get the CSP error to go away i had to add:

contentSecurityPolicy = null

in the application.conf file's 'play.filters.headers' section as shown below:

enter image description here

NOTE: It is not good for the security of the application, but if you are just trying to make a simple application, this gets the job done.

Suleka_28
  • 2,761
  • 4
  • 27
  • 43