I added a Content-Security-Policy as suggested here: https://www.electronjs.org/docs/tutorial/security#6-define-a-content-security-policy and here: https://content-security-policy.com/examples/elec...

I have a site using Bootstrap 5 that includes the following input tag: <input class="form-check-input ms-1" id="validated" name="validated" type="checkbox&quot...

When I try to execute my TypeScript + React Webpack 4 app, the code gets not executed with an error: Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an ...

Is it necessary to apply the Content-Security-Policy Header to all resources on your domain (images/CSS/JavaScript) or just web pages? For example, I noticed that https://content-security-policy.co...

I need to add a nonce to the inline scripts created by webpack and I can't find any documentation on how to configure this. I've found this pr: https://github.com/webpack/webpack/pull/3210/files bu...

I'd like to allow scripts only from my local server with certain exceptions like jQuery etc., but be flexible to load external images. I'm aware that there is a directive like Content-Security-Pol...

Situation: autoreload of phonegap serve blocked by content-security-policy meta tag Adding content security policy prevents auto-reload of phonegap serve utility. This is built on top of cordova s...

I'm building a chrome extension and facing a problem related to csp. I'm using manifest V3 below is my csp "content_security_policy": { "extension_pages": "script-src 's...

Currently I'm using Modernizr on all my sites and it turns out because of how it works it requires unsafe-inline styles to be allowed. I am already not allowing inline scripts and unsafe-eval for s...

Creating a simple template electron app. I want to do a fetch request to my api but am continuously stopped by the Content Security Policy errors and I have no idea how to fix them. Refused to con...

I am creating an Electron application, and per the Electron security tutorial I have added a CSP meta tag. When running the application, this issue appears in devtools. Content Security Policy of ...

I have MVC application developed in ASP.NET MVC 4. I have using javascripts in several pages. Some of the javascripts are referenced as @Scripts.Render("~/Scripts/bootstrap") @Scripts.Render("~/Sc...

I was wondering if anyone knew of a possible way to activate Subresource Integrety with Angular-Cli. According to the following link: GitHub Pull Request It would be a feature (or a future feature)...

I have a React App using Create-React-App (react-scripts) and Material-UI. I would like to apply a strong Content-Security-Policy for my app which does not allow unsafe inline styles. I would like...

Background I have to use a Content Security Policy for a react application. The reason, that is however not of a big matter here, is, that I am creating a WebExtension/Browser Extension/add-on a...

after i uploaded my website on herokuy the images do not working and it gave me that error Refused to load the image '' because it violates the following Content Security Policy directive: "im...

<div .... style="background-color: #fff" ..... </div> How to add nonce (CSP) to this style? It is not between style tags as you see.

I have a web app which uses localStorage. Now we want to embed this web app on other (third-party) sites via iframe. We want to provide an iframe embed similar to youtube so that other websites can...

I am trying to integrate Stripe to my website, the problem is that I receive the following error: js.stripe.com/v3/hcaptcha-invisible-078b5f9fb44d244a9ec072f93a216630.html#debugMode=false&pare...

I am struggling for some days already with defining my Content-Security-Policy for my Cordova App. My first question is: Do I have to add CSP in Cordova? It seems like Cordova adds meta tag for C...

I am using CAPTCHA on page load, but it is blocking because of some security reason. I am facing this problem: Content Security Policy: The page's settings blocked the loading of a resource at ...

Suppose my website is over HTTPS and I need to load a CSS or Object resource from HTTP, how can I do this? Please note that I'm able to add Content-Security-Policy to the response headers over the...

What do frame-src and frame-ancestors do exactly? The definition shows the purpose is the same to define valid contents for frames for both directives. When to use which one? I was able to load an ...

In order to implement Content-Security-Policy, I need to pass nonce to GTM to allow tags. Using nonce-aware version of GTM snippet works great for all tag types except Custom HTML. Is there a way t...

I maintain a small website for a non-profit organization. Multiple .pdfs are available for viewing on the website. I’ve come across an issue with .pdf display in the current version of Safari (v. 1...