Questions tagged [csp]

Use the tag content-security-policy instead

CSP questions have been answered with the "content-security-policy" tag for years and should be asked there instead.

60 questions
0 votes, 1 answer

Django-CSP without unsafe-inline?

I'm trying to set up CSP for Wagtail, but because I'm using unsafe-inline in CSP_SCRIPT_SRC it's showing as insecure in observatory.mozilla.org: "Content Security Policy (CSP) implemented unsafely. This includes 'unsafe-inline' or data: inside…
squidg
0 votes, 0 answers

Refused to execute inline script on client application

I am working on this ASP.NET application and everything was working fine, but suddenly I started getting the below warning on the application deployed on the client server: Refused to execute inline script because it violates the following Content security…
megha
0 votes, 0 answers

Content Security Policy not applying to html

I have set a content security policy (CSP) in Node.js and it is getting applied to Node. However, for the root HTML page the CSP is not being applied. How can it be applied to HTML with the help of Node.js? app.use(function(req, res, next) { …
Mrunall Veer
0 votes, 1 answer

Why are some script tags skipped when adding nonces for content security policy in WordPress?

I am working on a WordPress site and I am trying to add a nonce to all the scripts. Below is the code that I am using; it works fine for most of the tags, but it seems to skip some of the script tags. One of the script tags is auto-generated by WordPress…
tassi
0 votes, 1 answer

How to fix CSP error? "Refused to execute inline event handler because it violates the following Content Security Policy directive..."

I'm getting the CSP error for adding nonce value in script-src. This is the CSP I'm setting - Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-eval' 'nonce-b1967a39a02f45edbac95cbb4651bd12' 'unsafe-hashes'; frame-src 'self'…
Suparna
0 votes, 1 answer

flask-talisman use js scripts located in static/js/folders

I am trying to implement CSP using flask-talisman (new to that). I managed to load external CDNs, but I can't use my own scripts located in /static/js/[folders]/[subfolders]/file.js, e.g. in the template HTML: