
Questions tagged [content-security-policy]

Content Security Policy (CSP) aims to mitigate the risk of cross-site scripting attacks by giving developers fine-grained control over the resources a page is allowed to load, as well as the script it's allowed to execute.

content-security-policy
-1 votes
0 answers
15 views

CSP not showing on browser

I'm quite new to coding, and I'm developing an application using Express, Node JS and Angular. Right now, I am focusing on security, so I did some research and found the Content Security Policy, which ...
Leandro Prado
-5 votes
0 answers
32 views

How to fix CSP problems? [closed]

I'm getting this error: `Content Security Policy of your site blocks the use of 'eval' in JavaScript` The Content Security Policy (CSP) prevents the evaluation of arbitrary strings as JavaScript to make ...
David Shaw
1 vote
1 answer
29 views

Angular 18 with CSP blocking styles set in component sass file

All, I have a simple "hello world" site to debug CSP. I have it working fine for everything but styles that are placed in a component scss file. What am I missing? my index.html file: <...
Nick Jacobs
0 votes
0 answers
11 views

ASP.NET MVC (blocked:csp) error when running in local

I am getting the (blocked:csp) error in my Chrome browser when my app. I have the headers set up like this: HttpContext.Current.Response.Headers.Add("X-Content-Security-Policy", "...
Wasyster
  • 2,447
2 votes
2 answers
39 views

Enforcing a web page to be iframed?

I have an HTML page that is designed to be iframed into a different website. With a CSP frame-ancestors directive I can restrict in which pages it is allowed to be iframed. This disallows iframing ...
Niels Basjes
  • 10.6k
0 votes
0 answers
30 views

iframe being blocked by CSP in iOS Cordova app

We're running an app on Cordova version 12.0.0 and cordova-ios 7.1.0. We have an iframe which works on multiple browsers in web and in an Android app. But it doesn't work in our app on iOS, other ...
OrangeJuice1-
0 votes
0 answers
21 views

is ng-grid.js CSP compatible?

I am using the ng-grid.js library in my AngularJS project and need to verify if setTimeout and eval() are functioning correctly after removing unsafe-eval from the Content Security Policy: <add ...
Abhishek Sharma
0 votes
0 answers
19 views

Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval'

I need help from the community. When I run a Next.js SXA Sitecore project with jss start:connected at http://localhost:3000, the issue in the image is raised in the Chrome console log. I investigate to check issue ...
possumm
  • 81
0 votes
0 answers
13 views

Extension and App webworker communication

I've got a PWA with a webworker responding to requests at /api/. I also have an extension that goes with the app and I'd love it to be able to make requests of the PWA. I've tried a number of ways ...
Dave
  • 1,688
0 votes
0 answers
28 views

Can I force https on the browser when javascript library sets img-src?

Using CanadaPost AddressComplete library that has the following snippet: /* Preload images that are to be used in the css. */ function preloadImage(url) { var img = new Image(); ...
Julien Lamarche
2 votes
0 answers
20 views

CSP directive blocking style src to load in react js mantine

I'm using Mantine version 6.0.13 and Vite. I'm facing an issue after applying the CSP directive in the header, mentioned below: CSP "Content-Security-Policy","default-src http://localhost; style-...
Shubham Sharma
0 votes
0 answers
32 views

Is signalR-2.3.0 Content Security Policy (CSP) compatible or not?

I'm using signalR version 2.3.0 for my project. I've added these lines of code in web.config <httpProtocol> <customHeaders> <add name="Content-Security-Policy" ...
Pritesh Bhatasana
0 votes
0 answers
13 views

What is the meaning of frame-src 'self' blob:?

I want to restrict my site to blob: only from its own origin. I thought frame-src 'self' blob: would do that, but checking on CSP evaluator the results are: It shows 'self' & blob. ...
Vaishali this side
-1 votes
0 answers
34 views

How to decide which is the better option to implement, nonce or hash, for inline scripts (CSP)

What if, in a big application, we use something like below in multiple areas <button type="button" class="btn btn-primary" onclick="func1()">test</button> <...
Anonymous
0 votes
0 answers
16 views

How to load/embed PDF file in Chrome Extension?

I'm trying to develop a Google Chrome extension capable of generating PDF files and showing them to the user. I have a sidePanel defined which makes use of the object tag to attempt to embed the PDF ...
Mig82
  • 5,236
