SyntaxFix

[javascript] Content Security Policy: The page's settings blocked the loading of a resource

I am using CAPTCHA on page load, but it is blocking because of some security reason.

I am facing this problem:

    Content Security Policy: The page's settings blocked the loading
    of a resource at
    http://www.google.com/recaptcha/api.js?onload=myCallBack&render=explicit
    ("script-src http://test.com:8080 'unsafe-inline' 'unsafe-eval'").

I have used the following JavaScript and meta tag:

<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
<script src="http://www.google.com/recaptcha/api.js?onload=myCallBack&render=explicit" async defer></script>

This question is related to javascript jquery content-security-policy

The answer is

You can disable them in your browser.

Firefox

Type about:config in the Firefox address bar and find security.csp.enable and set it to false.

Chrome

You can install the extension called Disable Content-Security-Policy to disable CSP.

I managed to allow all my requisite sites with this header:

header("Content-Security-Policy: default-src *; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' stackexchange.com");

I got around this by upgrading both the version of Angular that I was using (from v8 -> v9) and the version of TypeScript (from 3.5.3 -> latest).

With my ASP.NET Core Angular project running in Visual Studio 2019, sometimes I get this error message in the Firefox console:

Content Security Policy: The page’s settings blocked the loading of a resource at inline (“default-src”).

In Chrome, the error message is instead:

Failed to load resource: the server responded with a status of 404 ()

In my case it had nothing to do with my Content Security Policy, but instead was simply the result of a TypeScript error on my part.

Check your IDE output window for a TypeScript error, like:

> ERROR in src/app/shared/models/person.model.ts(8,20): error TS2304: Cannot find name 'bool'.
>
> i ?wdm?: Failed to compile.

Note: Since this question is the first result on Google for this error message.

I had a similar error type. First, I tried to add the meta tags in the code, but it didn't work.

I found out that on the nginx web server you may have a security setting that may block external code to run:

# Security directives
server_tokens off;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://ajax.googleapis.com  https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://assets.zendesk.com; font-src 'self' https://fonts.gstatic.com  https://themes.googleusercontent.com; frame-src https://player.vimeo.com https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'";

Check the Content-Security-Policy. You may need to add the source reference.

Source: Stackoverflow.com

Examples related to javascript

need to add a class to an element How to make a variable accessible outside a function? Hide Signs that Meteor.js was Used How to create a showdown.js markdown extension Please help me convert this script to a simple image slider Highlight Anchor Links when user manually scrolls? Summing radio input values How to execute an action before close metro app WinJS javascript, for loop defines a dynamic variable name Getting all files in directory with ajax

Examples related to jquery

How to make a variable accessible outside a function? Jquery assiging class to th in a table Please help me convert this script to a simple image slider Highlight Anchor Links when user manually scrolls? Getting all files in directory with ajax Bootstrap 4 multiselect dropdown Cross-Origin Read Blocking (CORB) bootstrap 4 file input doesn't show the file name Jquery AJAX: No 'Access-Control-Allow-Origin' header is present on the requested resource how to remove json object key and value.?

Examples related to content-security-policy

Content Security Policy: The page's settings blocked the loading of a resource Refused to load the script because it violates the following Content Security Policy directive How does Content Security Policy (CSP) work? Content Security Policy "data" not working for base64 Images in Chrome 28 Refused to apply inline style because it violates the following Content Security Policy directive

Tags

Memory-mapping Paypal Shape Standard-error Carp Resume-download Jsr82 Apache-fop Openid2 Mdiparent Infinite-value Unreachable-code Imaging Oracle-xe Finddialog Fmpp Non-deterministic Iptc Sqlxml Coderay Asynccallback Syswow64 Generated-sql Elements Browsable Hit-count Html-input Rpm-spec Symbol-capture System.in Image-recognition Runtime-environment Gridcontrol Unichar Sd-card Icsharpcode Tabs Uploader Activexobject G77 Javax.script Nl2br Autocommenting Mxhr Django-filebrowser Raise Domain-aliasing Imagekit Missing-cookies Httpclient Tessellation Breakpoints Graph-theory Func Xelatex Xcdatamodel Least-common-ancestor Application-server Double-dispatch Android-camera Containskey Qgraphicstextitem Neural-network Rangevalidator Nsexception Google-docs User-defined-aggregate Visual-styles Generic-list Openoffice-writer Exitstatus Thread-synchronization Multiboot Runtime-type Workflow-activity Motion Visual-programming Access-point Dimension-reduction Projects-and-solutions Numerical-methods Mono Templatefield Nautilus Mysql-management Postmark Wpd Ocamllex Shellexecute Assembla Ftrace Itemeditor Mod-fcgid Meta-title Cortex-a8 Cube Keylogger Uialertsheet Xls Iso