1

I have decided to embed flipboard into my blog and I see the following related errors

I believe the solution is to add meta http-equiv="Content-Security-Policy" to the web page I am struggling to identify the policy that will resolve this error (allow the content without error)

I have tried a number of combination of white-listing sites, i have yet to be able to correctly allow all referenced scripts.

Is there another approach to build the CSP?

{flipboard reference}-f9oc26qay:68 Refused to load the script 'https://ssl.google-analytics.com/ga.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'unsafe-eval' 'self' http://connect.facebook.net https://connect.facebook.net https://cdn.optimizely.com http://www.google-analytics.com https://jira.flipboard.com https://cdn.flipboard.com https://apis.google.com https://twitter.com https://www.google.com https://www.gstatic.com https://s.flipboard.com http://ue.flipboard.com https://ue.flipboard.com".

David
  • 3,047
  • 4
  • 45
  • 79
  • Even with allowing everything I am continuing to get the error (below). I had tried to be specific about sites but whatever I did i got the same error, so I thought I would try to allow everything but i continue to get the error. default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; Refused to load the script 'https://ssl.google-analytics.com/ga.js' because it violates the following CSP directive: "script-src 'unsafe-inline' 'unsafe-eval' 'self' – David Sep 30 '18 at 19:50
  • It sounds like your document is already being served with a Content-Security-Policy header. So you would need to change whatever code on the server side is adding that header. You can’t override a more-strict policy specified in that header with a less-strict policy specified in a meta element. See the answer at https://stackoverflow.com/questions/51148998/what-is-happening-when-i-have-two-csp-content-security-policies-policies-hea/51153816#51153816 – sideshowbarker Sep 30 '18 at 23:39

0 Answers0