Questions tagged [csp]

Use the tag content-security-policy instead

CSP questions have been answered with the "content-security-policy" tag for years and should be asked there instead.

60 questions
0 votes, 0 answers

Shopify - CSP Issue When Adding JavaScript Code Snippet To Shopify Store

I'm attempting to add a JavaScript code snippet to my Shopify store, but I'm encountering a Content Security Policy (CSP) error: "Refused to frame https://AAAAA.de because an ancestor violates the following Content Security Policy directive:…
Mastor
0 votes, 1 answer

Chuwi Lark Box - Content Security Policy

Can someone please explain what is going on? I often use one information site, where I want and how much I want. But now I am faced with the problem "Content Security Policy", on my new miniPC "Chuwi Lark Box". Only on this miniPC, I can not…
Anatolii
0 votes, 0 answers

Are security headers related to load balancer terraform files?

I'm working on a .net core app and I'm implementing the security headers like HttpOnly, CSP and Referrer. My question is, we are on GCP and have a lb.tf (Load Balancer terraform file) do I have to make any changes to this file or are security…
0 votes, 1 answer

PHP / Mustache / CSP : scripts blocked by CSP despite use of nonce

I have a site in PHP and I use Mustache for the templates. Inside those Mustache templates I have javascript that would need to be executed once the template has been loaded. I also have some external scripts from google (ex: google charts) or…
Laurent
0 votes, 0 answers

EvalError: call to eval() blocked by CSP in Mozilla Firefox extension

My Chrome extension is working fine and I want to make it compatible with Firefox as well. In the extension I have used the eval method, which is throwing the error "EvalError: call to eval() blocked by CSP". I tried to add the below configuration in the manifest…
0 votes, 1 answer

How can I rewrite a [style.display] without using inline styles?

I have some Angular code that contains some inline styles that I need to remove. The reason is that we need this code to be CSP compliant and CSP has issues with inline styles.
julian reeves
0 votes, 0 answers

Editing Content Security Policy in IIS to allow a CDN script to be loaded

I am currently trying to load an external plugin into an application that is deployed on IIS. I am getting this error: Refused to load the script…
0 votes, 0 answers

Content Security Policy and NAT'd domains

I'm having trouble getting CSP enabled for a client with a winding route through multiple domains. From the client's browser, absolutely everything is presented as coming from domain_A - the application itself (app.domain_A.com) and the image…
jfaulk919
0 votes, 0 answers

ZAP Hud broken after hardening the application a bit

I am in the process of performing a security scan of a PoC Spring Boot application, deployed under AWS ECS. First round of scan, I discovered issues with CSP, cookies, XSS (that's what ZAP is for!), etc. I added some Spring Security configuration to…
usr-local-ΕΨΗΕΛΩΝ
0 votes, 0 answers

Electron/Chrome CSP issue

given I have const {app, BrowserWindow, session } = require('electron'); app.whenReady().then(async () => { session.defaultSession.webRequest.onHeadersReceived((details, callback) => { callback({ responseHeaders: { …
0 votes, 0 answers

how to make .setAttribute command CSP compliant

I recently had to add CSP meta tags into my application, which is causing an error specifically on the .setAttribute command. How can I write the following snippets to be CSP compliant? (I've heard I can use .style but how would I write it with these…
julian reeves
0 votes, 1 answer

Load a Page that is protected by CSP

I want to scrape images from midjourney.com. I had a perfectly working script that can do this but now my requests get blocked. I get a 403 (Forbidden) as response. To validate my code I converted the coped the request to the main page out off my…
0 votes, 0 answers

Issues Applying CSP Directives

I am applying CSP directives to a web platform, and the platform has some of its external dependencies installed locally, such as a JavaScript video player. Because it requires an external font, the CSS of the dependency makes the font call like…
0 votes, 1 answer

How can I fix Chargebee CSP Errors?

I've got a problem using Chargebee via Drop-In Script and API. I already added the following directives to the header: [image] Error: [image] Do we enter the directives properly? Api-key, Domain, Site is…