Frankk

Reputation: 41

Content Security Policy [Error] Refused to load the script safari

I am behind with CSP. This morning all sites on one of my servers stopped working with Safari, with the following error:

[Error] Refused to load the script 'http://code.jquery.com/jquery-1.9.1.js' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

How can I fix this server-wide without having to change each site one by one?

As mentioned, I am a bit behind with CSP; as such, I don't even know where to put the rules.

Upvotes: 2

Views: 4091

Answers (1)

Frankk

Reputation: 41

For future reference, here's what I had done 'incorrectly'.

In the file /usr/local/apache/conf/includes/pre_main_global.conf

I placed a bunch of default headers to secure the server including:

Header set X-WebKit-CSP: "default-src 'self'"

Which caused Safari to refuse any script not hosted on localhost.

The confusion came because nobody found the problem before a week after the fact.

Upvotes: 2
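To audit a server-wide policy before rolling it out, the following added example (not part of the original answer) checks whether a script URL would be refused under a policy string, including the default-src fallback that Safari's error message describes. The page URL example.test is a constructed placeholder, and the matcher covers only 'self', 'none', *, scheme and host sources.

```javascript
// Simplified CSP check for script loads: 'self', 'none', *, scheme and host sources only.
// Nonces, hashes, paths and ports in source expressions are not handled.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // Per CSP, the first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

function sourceMatches(source, url, page) {
  const src = source.toLowerCase();
  if (src === "'none'") return false;
  if (src === "'self'") return url.origin === page.origin;
  if (src === '*') return url.protocol === 'http:' || url.protocol === 'https:';
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return url.protocol === src;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/.exec(src);
  if (!m) return false; // unsupported expression (nonce, hash, path, port)
  const [, scheme, wildcard, host] = m;
  // A scheme-less host source takes the page's scheme; https is always acceptable for http.
  const wanted = scheme ? scheme + ':' : page.protocol;
  const schemeOk = url.protocol === wanted || (wanted === 'http:' && url.protocol === 'https:');
  const hostOk = wildcard ? url.hostname.endsWith('.' + host) : url.hostname === host;
  return schemeOk && hostOk;
}

function scriptAllowed(policy, pageUrl, scriptUrl) {
  const directives = parsePolicy(policy);
  // The fallback named in the Safari error: no script-src means default-src governs scripts.
  const sources = directives.get('script-src') ?? directives.get('default-src');
  if (sources === undefined) return true; // neither directive set: nothing restricts scripts
  const page = new URL(pageUrl);
  const url = new URL(scriptUrl, page);
  return sources.some((s) => sourceMatches(s, url, page));
}

// Constructed sample: example.test is a placeholder site; the jQuery URL is from the error.
const page = 'http://example.test/index.html';
const jquery = 'http://code.jquery.com/jquery-1.9.1.js';
for (const policy of ["default-src 'self'", "default-src 'self'; script-src 'self' code.jquery.com"]) {
  console.log(JSON.stringify(policy), '->', scriptAllowed(policy, page, jquery) ? 'loads' : 'refused');
}
```

Run it with Node.js against the script URLs each hosted site actually references to see which ones a global header would break.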
