Hari9513
Reputation: 186
Violates the following Content Security Policy directive
When I upload an image into my web application, it is showing the below error
Refused to load the image '
<URL>because it violates the following Content Security Policy directive: "default-src * data: 'unsafe-eval' 'unsafe-inline'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
I try to solve this error by using the following code
<meta http-equiv="Content-Security-Policy" content="default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
But it is not working. How can I fix this problem?
Upvotes: 9
Views: 53249
Answers (1)
Abinash
Reputation: 19
I am not sure why you are using an "*". I am using a similar kind of stuff, but my meta tag looks something like this and it works fine for me:
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; connect-src 'self';font-src 'self'; img-src 'self' data: https:; style-src 'self' ; script-src 'self'">Upvotes: 1
Related Questions
- Html Error: Refused to load the script because it violates the following Content Security Policy directive
- How to fix:"Refused to run the JavaScript URL because it violates the following Content Security Policy..."
- Refused to execute inline script because it violates the following Content Security Policy directive
- disabling Content Security Policy
- Content security policy including a script
- Chrome Extension: Content Security Policy Error
- Chrome extension Content Security Policy directive error
- Chrome Extensions Content-Security-Policy
- Content Security Policy error, without any inline javascript
- Content-Security-Policy error?