Questions tagged [csp]

Use the tag content-security-policy instead

CSP questions have been answered with the "content-security-policy" tag for years and should be asked there instead.

60 questions
3 votes, 0 answers

Angular v16 Project Build Fails when ngCspNonce value is added to app-root

I created a new project using Angular CLI 16.1.1 to test the new CSP styling nonce injection feature. I am able to serve the application with ng serve and adding the header to both the
1 vote, 2 answers

Why are FQDN (ending with a dot) not working in CSP?

I have a FQDN in my CSP: The source list for the Content Security Policy directive 'img-src' contains an invalid source: 'xxx.de.'. It will be ignored. This is my csp: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.xxx.de;…
Grim
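Added example (not code from the question or its answers): a checker for CSP source expressions that shows why the browser drops 'xxx.de.' but accepts 'www.xxx.de'. It implements the CSP Level 2 source-expression grammar, in which a host-part is a run of labels joined by dots with no trailing dot, which is consistent with the "invalid source" error quoted above. The policy string it checks is constructed to resemble the one in the question.

```javascript
// Added example, not from the question: classify each CSP source expression and
// report the ones a browser would discard as syntactically invalid.
// host-part per CSP Level 2: "*" / [ "*." ] 1*host-char *( "." 1*host-char )
// -- labels joined by ".", no trailing ".", so "xxx.de." does not parse.

const KEYWORDS = new Set([
  "'self'", "'none'", "'unsafe-inline'", "'unsafe-eval'", "'strict-dynamic'",
  "'unsafe-hashes'", "'report-sample'", "'wasm-unsafe-eval'",
]);
// nonce-source and hash-source: 'nonce-<base64>' / 'sha256|sha384|sha512-<base64>'
const NONCE_OR_HASH = /^'(?:nonce|sha256|sha384|sha512)-[A-Za-z0-9+\/\-_]+=*'$/;
// scheme-source: "https:", "data:", "blob:" ...
const SCHEME_SOURCE = /^[A-Za-z][A-Za-z0-9+.\-]*:$/;
// host-source: [scheme://] host-part [:port] [path]
const HOST_SOURCE = new RegExp(
  "^(?:[A-Za-z][A-Za-z0-9+.\\-]*://)?" +                       // optional scheme-part
  "(?:\\*|(?:\\*\\.)?[A-Za-z0-9\\-]+(?:\\.[A-Za-z0-9\\-]+)*)" + // host-part (no trailing dot)
  "(?::(?:\\*|[0-9]+))?" +                                      // optional port-part
  "(?:/[^\\s;,]*)?$"                                            // optional path-part
);

function classifySource(src) {
  if (KEYWORDS.has(src) || NONCE_OR_HASH.test(src)) return "keyword";
  if (SCHEME_SOURCE.test(src)) return "scheme";
  if (HOST_SOURCE.test(src)) return "host";
  return "invalid";
}

// Split "name src src; name src" into a Map of directive name -> source list.
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (name) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// Every source the browser would ignore, with the directive it sits in.
function findInvalidSources(header) {
  const invalid = [];
  for (const [directive, sources] of parsePolicy(header)) {
    for (const source of sources) {
      if (classifySource(source) === "invalid") invalid.push({ directive, source });
    }
  }
  return invalid;
}

// Constructed policy modelled on the question: the img-src host carries a trailing dot.
const EXAMPLE_POLICY =
  "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.xxx.de; " +
  "img-src 'self' data: xxx.de.";

console.log(findInvalidSources(EXAMPLE_POLICY));
// [ { directive: 'img-src', source: 'xxx.de.' } ]
```

Run it with node; a source reported as invalid is silently dropped by the browser, so the rest of that directive still applies (here img-src keeps 'self' and data: and loses the host entirely).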
1 vote, 1 answer

htaccess Content-Security-Policy/CSP headers blocked

I am trying to set the Content-Security-Policy/CSP headers in the .htaccess file. But it's getting blocked for some reason in both development and production environments. The same thing is happening for the .css and other sources like…
Mr.Singh
1 vote, 0 answers

How to properly use CSP with Angular 16?

Following the Angular security guide I'm attempting to use CSP in my Angular application, but I'm having difficulties with two parts. First, any styles included via the angular.json configuration file seem to become inlined when running ng build.…
Robba
1 vote, 0 answers

Chrome extension Manifest V3 error - violates the following Content Security Policy directive

I am trying to send data to a server with the JSONP method from the Chrome extension I am developing. It worked fine in Manifest V2, but the following error occurs in Manifest V3. Please help me. Refused to load the script…
sys090407
1 vote, 0 answers

Firefox - None of the "sha384" hashes in the integrity attribute match the content of the subresource (Content Security Policy - CSP issue)

This seems to be a very old issue affecting Firefox. The SHA384 generated for the JavaScript example.js is working fine with Google Chrome, Microsoft Edge (Chromium based), and Opera, but it does not work with the latest Firefox release (ver.…
Goemon Code
1 vote, 2 answers

Stripe error: Refused to execute inline script because it violates the CSP

I've got a problem with an application built with VueJS3 on the front side and Symfony on the backend. I am using it to process payments and other transactions. When the client makes an order, an AJAX HTTP request goes to my API, and my STRIPE custom class…
0 votes, 1 answer

Firefox blocks page loading due to CSP issues - Angular app

I am trying to load the page from the testing server where I deployed my app. The internal URL is something like this: https://172.31.11.137/plugin3000/dashboard But when I go to the page it is completely blank, and in the dev console I see the following…
0 votes, 0 answers

Django smart select doesn't work with Django CSP

I admit that I am truly a beginner in this area. I made a database-driven website with Django. Models.py: from django.db import models from smart_selects.db_fields import ChainedForeignKey # Create your models here. class Company(models.Model): …
GM02
0 votes, 0 answers

CSP style src remediation for asp control default inline styling

Asp:Image / TreeView renders default inline styling, which may be framework behaviour and gives a console error for CSP. I don't want to use a hash/SHA value, unsafe-inline, or unsafe-src in the CSP tag. How to remove this default styling, or is there any way to allow this…
0 votes, 0 answers

Blocked 'frame-ancestors'

I have set CSP_FRAME_ANCESTORS = ("*", ) in my Django application. But still, I am seeing Blocked 'frame-ancestors' in logs. Am I missing something here?
yogesh
0 votes, 1 answer

Can't frame https://xxx-my.sharepoint.com because an ancestor violates

I got this error when I tried to (i)frame sharepoint.com : Refused to frame 'https://xxx-my.sharepoint.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' teams.microsoft.com…
0 votes, 0 answers

SvelteKit: social media widget inline scripts fail CSP

I'm trying to add a page to my website that allows users to view all of my social media feeds in one place. All three social media sites that I'm using (Facebook, Instagram and Pinterest) offer widgets that make this process very easy; however, the…
jrfii
0 votes, 1 answer

Content Security Policy (CSP) error while load base64 image in web page

In my React web app, I need to implement an image cropper feature. To achieve this, I utilize a file input tag to allow users to select an image file. I then display this selected image using a data URL. Everything functions correctly on localhost.…
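Added example (not code from the question or its answers): a small evaluator that decides whether a request URL is allowed by a CSP header, modelling the situation above, an <img> whose src is a data: URL under a policy whose img-src (or the default-src it falls back to) has no "data:" scheme-source. It also shows the 'self' and wildcard-host cases. The page origin, the data: URL and the function names policyAllows and sourceMatches are constructed for this example.

```javascript
// Added example, not from the question: evaluate whether a URL is permitted by a CSP header.
// Covers the case above: an <img> loaded from a data: URL is only allowed when the governing
// directive lists the "data:" scheme-source; 'self' never matches it, because a data: URL has
// the opaque origin "null".

function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (name) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// Does one source expression match the URL? Keywords that are not URL matchers
// ('unsafe-inline', nonces, hashes) never match a URL.
function sourceMatches(expr, url, pageOrigin) {
  const u = new URL(url);
  if (expr === "'self'") return u.origin === pageOrigin;
  if (expr.startsWith("'")) return false;
  if (/^[A-Za-z][A-Za-z0-9+.\-]*:$/.test(expr)) return u.protocol === expr.toLowerCase(); // scheme-source
  const m = /^(?:([A-Za-z][A-Za-z0-9+.\-]*):\/\/)?([^:\/]+)(?::(\*|\d+))?(\/.*)?$/.exec(expr);
  if (!m) return false; // invalid expression: the browser ignores it
  const [, scheme, host, port, path] = m;
  const pageScheme = new URL(pageOrigin).protocol;
  // No scheme in the expression: the page's scheme, with https allowed as an upgrade of http.
  const schemeOk = scheme
    ? u.protocol === `${scheme.toLowerCase()}:`
    : u.protocol === pageScheme || (pageScheme === "http:" && u.protocol === "https:");
  const h = host.toLowerCase();
  // "*.cdn.example" matches sub-hosts only, not cdn.example itself.
  const hostOk = h === "*" || (h.startsWith("*.") ? u.hostname.endsWith(h.slice(1)) : u.hostname === h);
  // No port in the expression: only the scheme's default port (URL reports it as "").
  const portOk = port === undefined ? u.port === "" : port === "*" || u.port === port;
  // A path ending in "/" is a prefix; any other path must match exactly.
  const pathOk = path === undefined || (path.endsWith("/") ? u.pathname.startsWith(path) : u.pathname === path);
  return schemeOk && hostOk && portOk && pathOk;
}

// Fetch directives (img-src, script-src, ...) fall back to default-src when absent.
function policyAllows(header, directive, url, pageOrigin) {
  const policy = parsePolicy(header);
  const sources = policy.get(directive) ?? policy.get("default-src");
  if (sources === undefined) return true; // nothing governs this fetch
  return sources.some((expr) => sourceMatches(expr, url, pageOrigin));
}

const PAGE = "https://app.example";                   // constructed page origin
const DATA_IMG = "data:image/png;base64,iVBORw0KGgo="; // constructed data: URL, as a cropper would produce

console.log(policyAllows("default-src 'self'; img-src 'self'", "img-src", DATA_IMG, PAGE));       // false: blocked
console.log(policyAllows("default-src 'self'; img-src 'self' data:", "img-src", DATA_IMG, PAGE)); // true
console.log(policyAllows("default-src 'self' data:", "img-src", DATA_IMG, PAGE));                 // true, via fallback
```

This is why a page can work on localhost and fail in production: the development server often sends no CSP at all (the "nothing governs this fetch" branch), while the production server sends one whose img-src lacks data:. Adding data: to img-src is the narrow fix; adding it to default-src would also let data: URLs through script-src and others, which is wider than needed.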
0 votes, 0 answers

correct CSP for phpMyAdmin with OpenLiteSpeed

Not able to access phpMyAdmin after installation on AWS EC2 with Ubuntu and OpenLiteSpeed. I have been trying various configurations of CSP headers and get the below with this set: set Content-Security-Policy default-src http:; style-src 'self'…