Rani Agrawal

Reputation: 49

Content Security Policy: The page’s settings blocked the loading of a resource at inline (“style-src”). on Firefox

I have my CSP added as below in my code:

res.header('Content-Security-Policy',
        "default-src 'self' ; style-src 'self' '<hashvalue>';" +
        "script-src 'self' '<hashvalue>';" +
        "font-src 'self' data: fonts.gstatic.com;" +
        "img-src 'self';" +
        "frame-src 'self'; " +
        "object-src 'none';" +
        "frame-ancestors 'none';"+
        "connect-src 'none';"
    );

After adding this, my UI does not load on Firefox.

And even though I have set this CSP, I get an AppScan issue for CSP:

'AppScan detected that the Content-Security-Policy response header is missing or with an insecure policy, which increases exposure to various cross-site injection attacks'

Your help is highly appreciated!

Thanks in advance!

Upvotes: 1

Views: 2446
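
An added example, not part of the original question and not the asker's code: how a hash source like the one that would replace the `'<hashvalue>'` placeholder is computed for an inline block, and a check of whether an inline block matches the policy by hash. The inline contents and the helper names (`cspHash`, `buildPolicy`, `parsePolicy`, `inlineAllowedByHash`) are constructed for illustration.

```javascript
// Added example: CSP hash sources for inline <style>/<script> blocks (Node.js).
const crypto = require('crypto');

// Constructed sample inline contents; a hash covers the exact text between the tags.
const INLINE_STYLE = 'body { margin: 0; }';
const INLINE_SCRIPT = "console.log('ready');";

// Hash-source grammar from the CSP spec: 'sha256-<base64>' (also sha384, sha512).
const HASH_SOURCE = /^'sha(256|384|512)-[A-Za-z0-9+\/_-]+={0,2}'$/;

// Returns the hash source expression for one inline block.
function cspHash(content, algo = 'sha256') {
  const digest = crypto.createHash(algo).update(content, 'utf8').digest('base64');
  return `'${algo}-${digest}'`;
}

// Rebuilds the question's policy, with computed hashes in place of '<hashvalue>'.
function buildPolicy(styleHashes, scriptHashes) {
  return [
    "default-src 'self'",
    `style-src 'self' ${styleHashes.join(' ')}`,
    `script-src 'self' ${scriptHashes.join(' ')}`,
    "font-src 'self' data: fonts.gstatic.com",
    "img-src 'self'",
    "frame-src 'self'",
    "object-src 'none'",
    "frame-ancestors 'none'",
    "connect-src 'none'",
  ].join('; ');
}

// Splits a policy string into { directive: [source, ...] }; first occurrence wins.
function parsePolicy(policy) {
  const out = {};
  for (const part of policy.split(';')) {
    const [rawName, ...sources] = part.trim().split(/\s+/);
    const name = rawName.toLowerCase();
    if (name && !(name in out)) out[name] = sources;
  }
  return out;
}

// True when a well-formed hash listed in the directive matches the content exactly.
// Only hash matching is modelled here (no nonces, no 'unsafe-inline').
function inlineAllowedByHash(policy, directive, content) {
  const parsed = parsePolicy(policy);
  const sources = parsed[directive] || parsed['default-src'] || [];
  return sources
    .filter((s) => HASH_SOURCE.test(s))
    .some((s) => s === cspHash(content, s.slice(1, 7)));
}
```

A hash matches only the byte-exact contents of a `<style>` or `<script>` element, so any whitespace change means a new hash. Inline `style="..."` attributes are not covered by a plain hash source.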

Answers (0)
