mikemaccana

Reputation: 123048

'Unrecognized Content-Security-Policy directive' error when specifying any domain

I've read the Content Security Policy docs and have entries for my image sources. My values match the examples in the docs, but Chrome complains the values aren't valid:

Unrecognized Content-Security-Policy directive 'pbs.twimg.com'.
Unrecognized Content-Security-Policy directive 'https://pbs.twimg.com'.

The header is:

Content-Security-Policy-Report-Only:default-src 'self' 'unsafe-inline' 'unsafe-eval' mycompany.com *.typekit.net *.stripe.com *.mxpnl.com *.twitter.com;img-src 'self' data:; pbs.twimg.com;font-src fonts.googleapis.com fonts.gstatic.com *.typekit.net;report-uri /csp-violation

Upvotes: 7

Views: 58703

Answers (1)

Quentin

Reputation: 943089

You have a semi-colon after data: and before pbs.twimg.com so pbs.twimg.com is being treated as a directive-name instead of as part of a directive-value.

Upvotes: 17
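
The split described in the answer can be checked before a policy is deployed. The following is an added example, not code from the question or the answer: it splits a policy on `;`, takes the first token of each part as the directive name, and reports names that are not CSP directives. The function names and the directive list (a subset, not exhaustive) are assumptions of this example.

```javascript
// Subset of CSP directive names (not exhaustive; assumption of this example).
const KNOWN_DIRECTIVES = new Set([
  'default-src', 'script-src', 'style-src', 'img-src', 'font-src',
  'connect-src', 'media-src', 'object-src', 'frame-src', 'child-src',
  'worker-src', 'manifest-src', 'base-uri', 'form-action',
  'frame-ancestors', 'report-uri', 'report-to', 'sandbox',
]);

// ';' separates directives; the first whitespace-delimited token of each
// directive is its name, the remaining tokens are its value.
function parsePolicy(policy) {
  return policy
    .split(';')
    .map((part) => part.trim())
    .filter((part) => part.length > 0)
    .map((part) => {
      const [name, ...values] = part.split(/\s+/);
      return { name: name.toLowerCase(), values };
    });
}

// One finding per unrecognized directive name, with a hint naming the
// directive it was probably cut off from by a stray ';'.
function lintPolicy(policy) {
  const directives = parsePolicy(policy);
  const findings = [];
  directives.forEach((d, i) => {
    if (KNOWN_DIRECTIVES.has(d.name)) return;
    const prev = i > 0 ? directives[i - 1].name : null;
    findings.push({
      name: d.name,
      hint: prev
        ? `remove the ';' before '${d.name}' if it belongs to ${prev}`
        : 'policy does not start with a directive name',
    });
  });
  return findings;
}

// The policy value from the question, then the same value with the ';' removed.
const QUESTION_POLICY =
  "default-src 'self' 'unsafe-inline' 'unsafe-eval' mycompany.com *.typekit.net " +
  "*.stripe.com *.mxpnl.com *.twitter.com;img-src 'self' data:; pbs.twimg.com;" +
  "font-src fonts.googleapis.com fonts.gstatic.com *.typekit.net;report-uri /csp-violation";
const FIXED_POLICY = QUESTION_POLICY.replace('data:; pbs.twimg.com', 'data: pbs.twimg.com');

console.log(lintPolicy(QUESTION_POLICY)); // one finding: 'pbs.twimg.com'
console.log(lintPolicy(FIXED_POLICY));    // no findings
```

With the stray `;` in place, `img-src` carries only `'self'` and `data:`, so the Twitter image host is not part of the image allowlist even though it appears in the header.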
