Content-Security-Policy: Refused to execute inline script on lite server

Question

I am following angular's best practice in order to make PWA. After making production build (ng built --prod --aot). I am also running from dist on localhost: npm run dev ("dev": "lite-server"). When the browser load I get an error in the console:

Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-EzX1NiGgmo59Hi8wZ/thoAxnVbkTfzIAgnVddwzUO3Y='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

I tried to add to index.html: <meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-eval' 'unsafe-inline';">

What am I doing wrong?

Hi Gal, did you find a solution to your question? I am experiencing the same issue — mikegross, Nov 20 '19 at 15:16

score 1 · Answer 1 · edited May 09 '19 at 10:39

1

Please make true like this in router module

RouterModule.forRoot(rootRouterConfig, { useHash: true})

edited May 09 '19 at 10:39

barbsan

3,418
11
21
28

answered May 09 '19 at 10:30

Guguloth Suresh

11
1

That's a perfect answer bro.. worked for me... !! Thanks. The error is clear though...!! How did you find it?? – Mr. Noddy Jan 30 '20 at 09:35

Content-Security-Policy: Refused to execute inline script on lite server

1 Answers1