R3Z4
Reputation: 59
how to fix error " Refused to execute inline script because it violates the following Content Security Policy directive:
i want using iframe in html but i got this error:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='), or a nonce ('nonce-...') is required to enable inline execution.
my code :
<iframe src="test.com" height="200" width="300" title="Iframe Example"></iframe>
how can i fix this error thanks inadvance
Upvotes: 5
Views: 27963
Answers (1)
granty
Reputation: 8546
Iframe it has nothing to do with it, you have an inline script like <script>...</script> in the HTML code. Therefore you have opts:
- to add
'unsafe-inline'intoscript-srcdirective (unsafe way) - to use
'nonce-value' - to use
'hash-value''sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE=' - move inline script to external file, and it will fall under
'self'token allowance.
Upvotes: 3
Related Questions
- Html Error: Refused to load the script because it violates the following Content Security Policy directive
- Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'"
- Refused to execute inline script because it violates the following Content Security Policy directive
- Chrome showing error as: Refused to execute inline script because of Content-Security-Policy
- Content Security Policy problems...iframes and inline styling
- Refused to execute inline script for Redocly
- CSP: Refused to execute inline script
- Inline script violates Content Security Policy
- Google Chrome: Refused to Execute Inline script
- Why is inline script forbidden (Content Security Policy)?