Tarun U M

Reputation: 35

Refused to load the script: Content-Security-Policy

Refused to load the script 'https://cdnjs.cloudflare.com/ajax/libs/axios/0.18.0/axios.min.js' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

script(src='https://cdnjs.cloudflare.com/ajax/libs/axios/0.18.0/axios.min.js')

So I tried adding this meta header, though it throws the same error:

meta(http-equiv='Content-Security-Policy' content="script-src 'self' https://cdnjs.cloudflare.com/ 'unsafe-inline' 'unsafe-eval'")

Upvotes: 2

Views: 10732

Answers (2)

Alpha

Reputation: 52

If you are using helmet in Node, then this worked for me:

app.use( helmet({ contentSecurityPolicy: false }) );

Upvotes: 3

Halvor Sakshaug

Reputation: 3475

You likely have a default Content Security Policy served as a response header. Adding another policy in a meta tag can only make it stricter, as all content needs to pass all policies. You need to identify what sets the CSP with "script-src 'self'" and modify that policy.

Upvotes: 1
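
The rule in the answer above (a load must pass every policy delivered with the page) as an added JavaScript example, not code from the original posts. It is a simplified matcher that models only `'self'` and scheme/host sources; the page origin `http://localhost:3000` and the `FIXED_HEADER` policy are assumptions.

```javascript
// Simplified model of CSP script-source checks (added example, not browser code).
// Models only 'self' and scheme://host[/path] sources; no wildcards, nonces or hashes.
function parsePolicy(text) {
  const directives = new Map();
  for (const part of text.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources); // first occurrence of a directive wins
    }
  }
  return directives;
}

function policyAllowsScript(policyText, scriptUrl, pageOrigin) {
  const d = parsePolicy(policyText);
  // Fallback chain from the browser error: script-src-elem -> script-src -> default-src
  const sources = d.get('script-src-elem') ?? d.get('script-src') ?? d.get('default-src');
  if (sources === undefined) return true; // this policy does not restrict scripts
  const url = new URL(scriptUrl);
  return sources.some((src) => {
    if (src === "'self'") return url.origin === pageOrigin;
    if (src.startsWith("'")) return false; // other keywords do not match external URLs here
    let allowed;
    try { allowed = new URL(src); } catch { return false; }
    const p = allowed.pathname; // trailing "/" means prefix match, otherwise exact
    return allowed.origin === url.origin &&
      (p.endsWith('/') ? url.pathname.startsWith(p) : url.pathname === p);
  });
}

// Every policy on the page (response header and meta tag) must allow the load.
function allPoliciesAllow(policies, scriptUrl, pageOrigin) {
  return policies.every((p) => policyAllowsScript(p, scriptUrl, pageOrigin));
}

const PAGE = 'http://localhost:3000'; // assumed page origin
const AXIOS = 'https://cdnjs.cloudflare.com/ajax/libs/axios/0.18.0/axios.min.js';
const HEADER = "script-src 'self'"; // policy quoted in the error message
const META = "script-src 'self' https://cdnjs.cloudflare.com/ 'unsafe-inline' 'unsafe-eval'";
const FIXED_HEADER = "script-src 'self' https://cdnjs.cloudflare.com"; // assumed corrected header

console.log('header + meta :', allPoliciesAllow([HEADER, META], AXIOS, PAGE));
console.log('fixed header  :', allPoliciesAllow([FIXED_HEADER], AXIOS, PAGE));
```

Run with Node: the first result is `false` because the header policy `script-src 'self'` still rejects the CDN even though the meta policy allows it, and the second is `true` once the header itself lists the CDN host.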
