Trouble with content security policy

by

Looks like you have 2 Content-Security-Policy issued. If multiple CSPs the strictest rules from both will apply (all sources/tokens should pass via both CSPs unscratched).

Content Security Policy could be delivered 2 ways:

  • via HTTP header Content-Security-Policy: (prefereed)
  • via meta-tag (restricted possibilities)

So you need to check for double <meta http-equiv="Content-Security-Policy" in the HTML code.

And check the HTTP response headers(because CMS could publush CSP by default) in the browser developers tool (Crtl+Shift+i in Chrome and Crtl+Shift+k in Fifrefox -> Network tab -> select main page at the left window and look Response headers):
response headers in the browser console

More Related Contents:

  1. What are these meta tags? [closed]
  2. Redirect from an HTML page
  3. What is “X-Content-Type-Options=nosniff”?
  4. Auto refresh code in HTML using meta tags
  5. What’s the purpose of the HTML “nonce” attribute for script and style elements?
  6. Is it possible to use the same meta tag for opengraph and schema.org
  7. How to redirect one HTML page to another on load
  8. Jenkins Content Security Policy
  9. Content Security Policy: “img-src ‘self’ data:”
  10. Disabling Chrome Autofill
  11. Chrome ignores autocomplete=”off”
  12. SVG drop shadow using css3
  13. Tab space instead of multiple non-breaking spaces (“nbsp”)?
  14. CSS background-image-opacity?
  15. Fixed Table Cell Width
  16. What is the HTML tabindex attribute?
  17. :nth-child(even/odd) selector with class [duplicate]
  18. How to CSS: select element based on inner HTML [duplicate]
  19. How can I style individual parts of an input placeholder? [duplicate]
  20. Equalize the height of left and right div, prevent right div from going below left div
  21. Auto Resize Image in CSS FlexBox Layout and keeping Aspect Ratio?
  22. What is the correct use of schema.org SiteNavigationElement?
  23. How can I control the width of a label tag?
  24. Filter Extensions in HTML form upload [duplicate]
  25. Can a div have multiple classes (Twitter Bootstrap) [duplicate]
  26. Advantages and disadvantages of using base64 encoded images [closed]
  27. Why would Google use a font tag?
  28. “Erasing” in html5 canvas
  29. Styling the “ element in CSS?
  30. Sizing flex items on the last row

Leave a Comment