Menu
When I'm trying to embed video from vimeo to my site, I get error in chrome console -
Refused to load the script 'data:application/javascript;base64,dmFyIHVyY2hpblRyYWNrZXI9ZnVuY3Rpb24oKXt9…RUcmFja2VyQnlOYW1lOiBmdW5jdGlvbigpe190cmFja0V2ZW50OiBmdW5jdGlvbigpe319fTs=' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://f.vimeocdn.com https://ssl.google-analytics.com https://js-agent.newrelic.com https://bam.nr-data.net https://f.vimeocdn.com".
I get same error in all sites, thats contains vimeo player. For example - https://player.vimeo.com/video/174560759
That error crash my javascript, which communicate with Vimeo player API.
Maybe somebody knows, what's wrong with Vimeo, and how I can resolve this problem?
P.S. Firefox just shows me warning in console, and my js works well.
412
To fix the issue you have to add `https://localhost:5000` host-source to the script-src directive. Alternatively you can use syntax 'https://localhost:*' to allow any ports.
The Content Security Policy (CSP) prevents cross-site scripting attacks by blocking inline execution of scripts and style sheets. To solve this, move all inline scripts (e.g. onclick=[JS code]) and styles into external files. adding the hash or nonce of the inline script to your CSP header.
The Content Security Policy (CSP) prevents the evaluation of arbitrary strings as JavaScript to make it more difficult for an attacker to inject unauthorized code on your site. To solve this issue, avoid using eval() , new Function() , setTimeout([string], ...) and setInterval([string], ...) for evaluating strings.
I found this error to be caused by the uBlock Origin extension. It may also be triggered by others like AdBlock.
Try browsing in Incognito or starting Chrome without extensions to see if the problem persists.
132
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
