Reputation: 21
The Content-Security-Policy directive 'default-src' contains the keyword 'none' alongside with other source expressions
When I submit pxpay windcave credentials, in console below error occurs. Why?
The Content-Security-Policy directive default-src contains the keyword 'none' alongside with other source expressions. The keyword 'none' must be the only source expression in the directive value, otherwise it is ignored.
I have tried to change the header default-src: 'self' but not works for me.
Upvotes: 1
Views: 1685
Answers (1)
Reputation: 3475
In a CSP directive, 'none' can only be present if there are no other sources listed. You either have to remove 'none' from default-src or all the other sources.
But your initial problem might be that you have multiple CSPs and that you need to identify how all CSP are set. Start by checking all response headers and meta tags of the document, then identify the policy with the problematic default-src and try to modify it while you remove all other policies (if any).
Upvotes: 1
Related Questions
- Refused to apply inline style because it violates the following Content Security Policy directive
- Content Security Policy "data" not working for base64 Images in Chrome 28
- Refused to load the script because it violates the following Content Security Policy directive
- How does Content Security Policy (CSP) work?
- Content Security Policy directive 'object-src' contains an invalid source:
- How to use aframe.js with Content Security Policy on WebServer
- Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'none'" fonts.gstatic.com
- Content-Security-Policy : directive 'form-action' contains the keyword 'none'
- Content Security Policy contains an invalid source