0 votes
0 answers
63 views

I've got a PWA app that works fine with script-src 'self'; worker-src 'self' content-security-policy header and I'm trying to tighten security using hashes. I have the index.html file like below <...
Vlad S
  • 76
0 votes
1 answer
64 views

I'm trying to write a Chrome extension that uses the MathJax library. I'm using a local copy of the MathJax code in my extension, which I load as a content script in manifest.json: { "name"...
Max Dudek
0 votes
0 answers
259 views

In my application, I am configuring the Content Security Policy for script-src and style-src. When I include the 'unsafe-inline' option, it raises a vulnerability issue during the ZAP security scan. ...
Vinu Sankar
0 votes
1 answer
268 views

I am importing the bootstrap.min.js library file in my AngularJS project. The problem arises when I add the following CSP line to my project: <httpProtocol> <customHeaders> <...
Abhishek Sharma
0 votes
0 answers
570 views

Our typical approach with security headers with all our WordPress sites is to use the Security Headers plugin, which allows for modification to CSP (or other headers, as needed). A security team of ...
MacJaffa
0 votes
2 answers
428 views

I’ve inherited an old website after the previous developer passed away. Foolish perhaps but they are good people doing good things in our community so I offered to help. The site uses an old version ...
Antiquated
1 vote
1 answer
485 views

Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-...
amir kat
0 votes
1 answer
923 views

I'm trying to get CSP working with hashes. I'm inserting the hashes both in the header (Content-Security-Policy) and in the HTML page. When I disable CSP and only use SRI, everything works. But when I ...
t1m0th33
  • 166
-1 votes
2 answers
578 views

I run a Laravel application not developed by me, as I'm not a developer. This Laravel app shows a user page interface where I need to put a custom script live chat code. I found where is the relative ...
Marco
  • 9
0 votes
1 answer
553 views

I need to implement a content security policy for a customer. Everything works well except for the js scripts. I need to allow external js scripts. Code in my vhost apache : Header set X-Content-Type-...
Laurent Fourny
0 votes
2 answers
203 views

I've observed that when I utilize jQuery's .html('...') method to insert markup containing an external <script src="..."></script> tag, jQuery doesn't insert the script tag ...
Đinh Carabus
2 votes
2 answers
12k views

Refused to load the script 'https://cdnjs.cloudflare.com/ajax/libs/axios/0.18.0/axios.min.js' because it violates the following Content Security Policy directive: "script-src 'self'". Note ...
Tarun U M
1 vote
0 answers
85 views

I've broken down 10+ years of 15-minute candlestick data into single years in order for it to load more quickly. I am relatively new to coding and am modifying one of amcharts terrific demos to see if ...
Ranger
  • 11
0 votes
1 answer
48 views

If I have the following script-src directive: script-src: https://example.com/scripts/file.js; Is it possible for any of the following scripts to be loaded? https://example.com/file.js https://...
jhancock532
1 vote
1 answer
1k views

I'm migrating a struts2-core-2.5.30 project to struts2-core-6.1.1, however I was getting the following error: Refused to execute inline event handler because it violates the following Content Security ...
Cemail Sn
