Rush Buket
Reputation: 90
How to change Content Security Policy by meta tag?
I build a MERN app in which I used Stripe for payments but when I upload it over heroku the following error comes:
I tried to set Content Security Policy meta tag in header of index.html as
<meta http-equiv="Content-Security-Policy" content="default-src *; script-src *; img-src *; connect-src * ; style-src *; font-src * ">
Even then I got the same error while I set script-src to '*'.
I have also used helmet to set headers as:
app.use(
helmet()
);
Please just some ways to remove this error.
Upvotes: 0
Views: 356
Answers (1)
Halvor Sakshaug
Reputation: 3465
You can't relax a CSP by adding another one, by adding another one the result can only become stricter. You need to identify where and how the preexisting CSP is set and modify it to allow whatever you need to run.
Upvotes: 1
Related Questions
- Content Security Policy error - violating directive: script-src 'self'
- content-security-policy meta tag for allowing web socket
- How to relax Content Security Policy with meta tag
- Browser not using metatag Content Security Policy
- mplementing Content Security Policy
- Stripe Connect : Content Security Policy issue
- Content Security Policy - Server is not considering meta content
- Content Security Policy with Paypal button
- ContentSecurityPolicyViolation
- How to override Content-Security-Policy for a specific action