1

I recently added Google AdSense to my website and the ads works fine, expect sometimes they don't load and I get the following errors in the console

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src https://cdn.ampproject.org/". Either the 'unsafe-inline' keyword, a hash ('sha256-xxx'), or a nonce ('nonce-...') is required to enable inline execution.

From what I've read I need to added the CSP in my HTML headers, but doesn't seem to fix the problem.

Any tips?

Gregory Wullimann
  • 528
  • 5
  • 22

1 Answers1

0

TRY1

This discussion could help to get access to the site with the following snippet:

script-src 'self' http://xxxx 'unsafe-inline' 'unsafe-eval';

TRY2

This documentation will show you how to define the policy with:

Content-Security-Policy: script-src 'self' https://apis.google.com

Hope that will help and you question is answered. Give it a shot, cheers! :)

Ole Pannier
  • 3,208
  • 9
  • 22
  • 33
  • 1
    I would NOT recommend the first solution here, that basically removes the whole point of a CSP. The second solution is a little bit better, it opens up scrips from the Google API domain. – A13X Aug 19 '21 at 23:46
  • 1
    You are totally right! Try 1 was considered to get it run in the first place. Keeping your comment will help to go with Try 2. Thanks for contributing! – Ole Pannier Aug 20 '21 at 10:12