I am currently creating an Electron app in which I would like to use react leaflet's maps functionality. This requires the use of external url's which throws CS
Our Vue js website contains dynamic url of css and src by different environment. Each environment have different domains. So the Content-Security-Policy contain
I have deployed Angular Application that uses ExcelJS library on IIS server. My current security policy forces me to return below header in IIS Http Response co
I have a complete html-page with inline js, inline-css and base46 encoded images, that I load as a base64 encoded data URI data:text/html;base64, ..... The Chr
I am trying to use this link in my github readme.md file but not able to see it after spending some time i got this error Refused to apply inline style because
I'm trying to add a game to Chrome Web Store as an extension, but I'm having some problems with it. The game is made in Unity3D. The Error: Refused to load the
I am working on an angular application.I am working in angular 8 application with CLI.My application is running on local server without any failure. On deployi
I want Cypress to go through every page to see on a website to see if there are any console errors and if so, make it known to the user running the test. (I'm t
I have a site using Bootstrap 5 that includes the following input tag: <input class="form-check-input ms-1" id="validated" name="validated" type="checkbox" c
My build process generates index.html with tag <style>, but because of I use CSP and i dont want to insert into my code style-src 'unsafe-inline' it doese
A few months ago, I added security headers to all of the pages on my website. The Mozilla Observatory detected the changes then and the score increased to B+. T
I keep getting this error: Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self' data: g
I'm composing a fairly large CSP and deploying it to CloudFront with CloudFormation. The old CSP worked, but the new one doesn't. It doesn't look like it has an
I have integrated the single-sign-on in our application using WsFedration(ADFS) after the sign-out, it's redirecting to the page as successfully log out and bac
I have an iframe tag with the src being another webpage on a different server. I have the ability to modify the headers of both sites. Before I started implemen
I have a web app which uses localStorage. Now we want to embed this web app on other (third-party) sites via iframe. We want to provide an iframe embed similar
I am trying to implement Content-Security-Policy with the NWebSec NuGet package The basic configuration level is working at this moment but trying to add nonce
How do you do this? I want only one other website to be able to load my main website in an iFrame but nothing is working. https://developer.mozilla.org/en-US/do
I'm confused about Jenkins Content Security Policy. I know these sites: Configuring Content Security Policy Content Security Policy Reference I have a html p