Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Violates the following Content Security Policy directive

Tags:

javascript

html

google-chrome

content-security-policy

When I upload an image into my web application, it is showing the below error

Refused to load the image ' <URL> because it violates the following Content Security Policy directive: "default-src * data: 'unsafe-eval' 'unsafe-inline'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

I try to solve this error by using the following code

  <meta http-equiv="Content-Security-Policy" content="default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *">
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">

But it is not working. How can I fix this problem?

like image 651
Hari9513 Avatar asked Nov 19 '18 06:11

Hari9513

People also ask

What does'because it violates the following Content Security Policy Directive'mean?

'because it violates the following content security policy directive' is a browser error message that occurs when Content Security Policy is blocking a resource from loading. Why is Content Security Policy blocking my resource?

What is content security policy error messages?

Content-Security-Policy Error Messages. In Chrome when a Content Security Policy Script Violation happens you get a message like this one in the Chrome Developer Tools: Refused to load the script 'script-uri' because it violates the following Content Security Policy directive: "your CSP directive".

What does Content Security Policy violation mean in Salesforce?

Content Security Policy: A violation occurred for a report-only CSP policy ("An attempt to execute inline scripts has been blocked"). The behavior was allowed, and a CSP report was sent. In addition to a console message, a securitypolicyviolation event is fired on the window.

What is a Content Security Policy (CSP) violation?

In Firefox you might see messages like this in the Web Developer Tools: Content Security Policy: A violation occurred for a report-only CSP policy ("An attempt to execute inline scripts has been blocked"). The behavior was allowed, and a CSP report was sent. In addition to a console message, a securitypolicyviolation event is fired on the window.

1 Answers

I am not sure why you are using an "*". I am using a similar kind of stuff, but my meta tag looks something like this and it works fine for me:

<meta http-equiv="Content-Security-Policy" content="default-src 'none'; connect-src 'self';font-src 'self'; img-src 'self' data: https:; style-src 'self' ; script-src 'self'">
like image 112
Abinash Avatar answered Oct 05 '22 03:10

Abinash
Sign in to Comment

Related questions

How to authenticate user in browser using AWS Cognito?
React onClick event handler not working using Next.js
pouchDB query() bug when updating documents
Proper way to access store in ngrx/effect
How to implement sign in with xbox with javascript?
CSP hash or nonce for inline JS within attribute
How do I enable copy to clipboard in Firefox on Linux?
VueJS Memory Leak when Switching Routes
Bootstrap-vue Form File Upload has no styling, but other components have?
Stop at a certain point on a horizontal scrolling page
How to prevent history.push if location didn't change in react-router4?
Select Multilines using Lasso Tool
I want to show modal popup before leaving the page
How to overwrite babel's preset plugin options
How to display dynamically label and values of label in pie chart using chart.js?
Transition group animation changes behaviour when adding 3rd element
How to use one component for validation other two components?
Dynamic import of Javascript module from stream
How do you programatically open multiple rows in DataTables
Invalid string is converted to date

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!