Thursday, May 23, 2024
Homepage · http-headers
 Popular · Latest · Hot · Upcoming
68
rated 0 times [  72] [ 4]  / answers: 1 / hits: 15170  / 2 Years ago, wed, may 25, 2022, 12:00:00

In my application, I want Content Security Policy: all directives should be set to self, but when I am trying to do that it is showing the following error



Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self';".



at Function (<anonymous>)

at Function._init (yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js:8:3195)

at yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js:9:4331

at yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js:9:4558


Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-BfUVqxUMiFIZGvtAvlU3O1tTN9idUT5IuAIpMSM2F5g='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.




Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&display=swap' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'style-src-elem' was not explicitly set, so 'default-src' is used as a fallback.



More From » http-headers
 Answers
3

The content security policy must have this directive:


default-src 'self';

script-src 'self' 'unsafe-eval'; 

style-src 'self' fonts.googleapis.com;

and more.


[#50032] Friday, March 4, 2022, 2 Years  [reply] [flag answer]
Only authorized users can answer the question. Please sign in first, or register a free account.
shawn
Add To Favorites
Follow
Total Points: 507
Total Questions: 103
Total Answers: 111
Location: American Samoa
Member since Fri, Aug 26, 2022
2 Years ago
;