Refused to execute inline script because it violates the following Content Security Policy directive

[henrymcbean]

Exported my Node API calls from Postman then used Docgen to generate my index.html file then copied to the root of my public folder. When I view the html file via my node server in the browser I am getting a console errors. The first error complained about the favicon.ico so I copied one to the public folder which removed the error. I am unable to remove the CSP error after trying suggested methods in the error using Helmet middleware options.

If open html file directly with the browser I don't get the CSP error so it only happens when I accessing the file via Node API server root. Please advice, full error listed below.

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-ZomnyosL2bmZ79LmErHEhL+1fVaBj9NngvpOK/l4qio='), or a nonce ('nonce-...') is required to enable inline execution.

[jcsuazo]

For me is the same

[saiteja13427]

Facing exactly same issue, this need to be solved

[VighneshManjrekar]

I moved inline script to new js file and it worked for me.

[hassanaref]

I moved inline script to new js file and it worked for me.

but how ?

[tedsemashov]

1. Open index.html file
2. Grab all functionality from
3. Create new file FE: js.js near the index.html
4. Paste functionality from script tag into new js.js file
5. Connect js file into index.html file ->

[markCwatson]

This also worked for me (i.e. the comments from @VighneshManjrekar )