Menu
I noticed after updating to Google Chrome (21.0.1180.89) I’m getting allot of errors in the developer tab; especially if I visit my own phpMyAdmin site.
There are all the same and are some sort of security against Cross-Site Scripting; are there anything I can do to resolve?
Unrecognized Content-Security-Policy directive 'allow'.
Unrecognized Content-Security-Policy directive 'options'.
560
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks.
Turn off the CSP for your entire browser in Firefox by disabling security. csp. enable in the about:config menu. Note: You must log in to the ELM instance in the new tab of the same browser before you access the resource or configuration picker through Publishing Document Builder.
To fix the issue you have to add `https://localhost:5000` host-source to the script-src directive. Alternatively you can use syntax 'https://localhost:*' to allow any ports.
The allow and options directives are both part of Mozilla's original definition of Content Security Policy. Chrome implements the current W3C standard, which has made several changes from Mozilla's original proposal.
allow has been replaced with default-src, and sets a default source list for the other CSP directives.options has been replaced with 'unsafe-inline' and 'unsafe-eval' (with the single-quotes) sources on either the script-src or style-src directives.Both of those old-style directive still work in Firefox, using the X-Content-Security-Policy header. If a website delivers a WebKit-prefixed header (X-WebKit-CSP), it should use the current standard.
Note that WebKit has implemented the unprefixed header (Content-Security-Policy) in trunk, and it should be rolling out to stable WebKit-based browsers over the next few months. If you're not already setting the canonical header, now is a good time to start thinking about it. :)
156
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
