content-security-policy

content-security-policy

Directus: Content Security Policy error - frame-src blocked when embedding a YouTube video

CSP Violation - Blocked URI is mentioned as "properties"

how to prevent the use of 'unsafe-eval' to CSP (Content Security Policy) becuase of prizmDoc viewer-asset underscore.min.js file (..new function..)

Does specifying a file in a CSP directive prevent other files from that domain being loaded?

Dynamically load Zg-Zorro icons in angular app with Content-Security-Policy enabled

Google Analytics/Google Ads and Content Security Policy

Several content security policy (CSP) violations in Magento 2.4.5-p1 website. How to resolve them?

Content Security Policy script-src violated for inline event handlers in dhtmlx suite 4.2

Resolve Strapi.io Content Security Policy Error

Content Security Policy: Blocking certain internal script

Does the "Sign In with Google" button require CSP style-src 'unsafe-inline'?

Order of sources when using strict-dynamic

Why is my CSP Header still reporting violations on sources I have wildcarded?

Mozilla Observatory can’t parse my CSP header

CSP: style-src hashes ignored in browser

How do I use Content Security Policy (CSP) in Codeigniter4 application

Why files ICO and PNG are being blocked by CSP?

How do I debug the following CSP issue

Content Security Policy blocking all third party images/js and other resources

Is there a way to block bookmarklets from running using CSP

CSP style-src: 'unsafe-inline' in a landing page

Should Content-Security-Policy header be applied to all resources?

Modifying content-security-policy response headers using declarativeNetRequest and Manifest V3

Content-Security-Policy refusing to load localhost script

CSP Violation : Inline Style in innerHTML of a library

Dot Net 5 CSP with a nonce - discrepancy between nonce in header and nonce in script tags

Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'none'" fonts.gstatic.com

CSP-Reports: Best Practice to handle false positive csp-reports with logstash

Getting CSP reports on www.pagespeed-mod.com

CSP header file - 1 line versus multiple lines on Netlify vs GitHub

How to pass 'nonce' option to the #emotion/cache which is a dependency of #emotion/core?

Callback violates CSP policy even though it is referenced in 'script-src' policy

Working on CSP headers, seeing console browser as Refused to execute inline script because it violates the following Content Security Policy directive

Content Security Policy violation with Bootstrap 5

Cloudant couchapp fails suddenly with CSP sandbox error

Where to specify the Content Security Policy (CSP): on a backend or on a frontend?

Content-security-policy with a hash for an event handler does not work on iOS Safari

How to crawl a group of websites looking for CSP issues?

Include a third-party library as a content script without violating CSP & Intercepting headers

Content Security Policy: Loading failed for the script

problem in Content Security Policy for external scripts

Is there a way to create a fallback page for iframes blocked by CSP?

Unrecognized Content-Security-Policy directive ''self''

Adsense sometimes doesn't serve ads because of Content Security Policy

How to use 3rd party libraries and inline scripts in nodejs app while helmet enabled

Facebook Chat Plugin issues with CSP frame-src directive

Content Security Policy: hash for font-src: data

Content Security Policy directive: "default-src 'self'". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback

Content-Security-Policy for local resources

Content security policy including a gumroad script

How to fix "Content Security Policy - contains an invalid source" error?

CSP (Content-Security-Policy) Violation stats.g.doubleclick.net in spite of hostname added to list

Script-src-elem being reported although script-src is defined

What is CSP blocked URI "c" and "file"

Correctly using hash with content security policy (CSP)

CSP for embedding youtube video

CSP: Trouble whitelisting url that changes, wildcard not working

Content Security Policy is Blocking URI in Allowed Domain

An API we are using requires 'unsafe-eval' 'unsafe-inline', can we restrict script origin with CSP without further compromising security?

How to define nonce for style-src-attr or script-src-attr?

page:1 of 2 next page main page

Categories

performance-testing

azure-web-app-service

vscode-devcontainer

dynamic-programming

google-cloud-spanner

couchbase-java-api

authenticationchallenge

keycloak-connect

laravel-unit-test

keycloak-rest-api

disaster-recovery

azure-python-sdk

domino-appdev-pack

variadic-functions

react-native-ios

safari-app-extension

image-extraction

wechat-miniprogram

ternary-operator

rational-developer-for-i

imagemagick-identify

jquery-autocomplete

ms-project-server-2010

geometrydrawing

http-compression

zend-controller

database-agnostic

Resources