Our Vue js website contains dynamic url of css and src by different environment. Each environment have different domains. So the Content-Security-Policy contain
I have deployed Angular Application that uses ExcelJS library on IIS server. My current security policy forces me to return below header in IIS Http Response co
I have a complete html-page with inline js, inline-css and base46 encoded images, that I load as a base64 encoded data URI data:text/html;base64, ..... The Chr
I am trying to use this link in my github readme.md file but not able to see it after spending some time i got this error Refused to apply inline style because
I'm trying to add a game to Chrome Web Store as an extension, but I'm having some problems with it. The game is made in Unity3D. The Error: Refused to load the
I am working on an angular application.I am working in angular 8 application with CLI.My application is running on local server without any failure. On deployi
I want Cypress to go through every page to see on a website to see if there are any console errors and if so, make it known to the user running the test. (I'm t
I have a site using Bootstrap 5 that includes the following input tag: <input class="form-check-input ms-1" id="validated" name="validated" type="checkbox" c
My build process generates index.html with tag <style>, but because of I use CSP and i dont want to insert into my code style-src 'unsafe-inline' it doese
A few months ago, I added security headers to all of the pages on my website. The Mozilla Observatory detected the changes then and the score increased to B+. T
I keep getting this error: Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self' data: g
I'm composing a fairly large CSP and deploying it to CloudFront with CloudFormation. The old CSP worked, but the new one doesn't. It doesn't look like it has an
I have integrated the single-sign-on in our application using WsFedration(ADFS) after the sign-out, it's redirecting to the page as successfully log out and bac
I have an iframe tag with the src being another webpage on a different server. I have the ability to modify the headers of both sites. Before I started implemen
I have a web app which uses localStorage. Now we want to embed this web app on other (third-party) sites via iframe. We want to provide an iframe embed similar
I am trying to implement Content-Security-Policy with the NWebSec NuGet package The basic configuration level is working at this moment but trying to add nonce
How do you do this? I want only one other website to be able to load my main website in an iFrame but nothing is working. https://developer.mozilla.org/en-US/do
I'm confused about Jenkins Content Security Policy. I know these sites: Configuring Content Security Policy Content Security Policy Reference I have a html p