I'm getting a bunch of errors in the developer console:
Refused to evaluate a string
Refused to execute inline script because it violates the following Content Security Policy directive
Refused to load the script
Refused to load the stylesheet
What's this all about? How does Content Security Policy (CSP) work? How do I use the Content-Security-Policy
HTTP header?
Specifically, how to...
- ...allow multiple sources?
- ...use different directives?
- ...use multiple directives?
- ...handle ports?
- ...handle different protocols?
- ...allow
file://
protocol? - ...use inline styles, scripts, and tags
<style>
and<script>
? - ...allow
eval()
?
And finally:
- What exactly does
'self'
mean?
from How does Content Security Policy (CSP) work?
No comments:
Post a Comment