Menu
I'm working with Firefox and I'm getting a lot of 'Content Security Policy' warnings in the the console,
including :
Content Security Policy: The page's settings blocked the loading of a resource at inline ("script-src").
and
Content Security Policy: Ignoring “'unsafe-inline'” within script-src or style-src: nonce-source or hash-source specified
I'm getting these warnings on every website, or almost every website, for example, I get a lot of warnings when I go to Gmail, and less here at StackOverflow,where some website show less, and some show more.
I have recently started working with webpack and some more nodejs tools, can this be the source of these warnings?
what can I do to prevent it? is it a security issue?
thank you!:)
240
If I understand your question correctly, It appears you're approaching this as a user rather than as a developer.
what can I do to prevent it?
nothing, nor should you.
is it a security issue?
No. Quite the opposite, it is security at work protecting your browsing experience.
what can I do to prevent it?
Read up on the CSP rules put in place for your website(s) and adjust these rules as required to only allow what you need to alow for your website to work. This is a very broad topic.
I found the lack of clarification as to what assets are blocked and why, a major flaw with the Firefox console (V66) in that it didn't give enough specifity as to what CSP rules were crossed and what site assets were blocked. I found using Google Chrome console gave me this information and helped me to clarify my CSP to allow what needed to be allowed.
is it a security issue?
Not directly. This is security at work protecting the website visitor's browsing experience. Once the CSP is set up to allow the authorised parts of your website to work, the other parts that will be flagged by the CSP mechanism can be ignored (as insecure/unsafe things that should be aborted).
194
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
