ResourceOverride
ResourceOverride copied to clipboard
kylepaulsen
Refused to load the script because it violates the following Content Security Policy directive
Hi,
I try to override a .js file from a website, but when I do the file doesn't load and I get the following error message :
website.com/:1 Refused to load the script 'data:text/javascript;charset=UTF-8;base64,...'
because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'
https://*.website.com https://website.com https://*.website1.com https://website.com https://cdn.website.net
https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com
https://www.google-analytics.com https://*.website2.com https://*.website2.net". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
Is there a way to fix that ?
Could maybe try using a header rule to delete the "Content-Security-Policy" header. Not sure if that will work.
I end up putting nginx at front of nuxt and use nginx header in location area as follow (and it works)
add_header Content-Security-Policy " default-src *.mywebsite.com *.gstatic.com *.googleapis.com *.fontawesome.com script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com; font-src 'self' data: blob: *.gstatic.com *.googleapis.com *.google-analytics.com *.cloudflare.com *.fontawesome.com; img-src 'self' data: blob: *.mywebsite.com *.gstatic.com *.googleapis.com; media-src 'self' data: blob: *.mywebsite.com *.gstatic.com *.googleapis.com; object-src 'self'; connect-src 'self' *.mywebsite.com;";