I have the following CSP header in place:
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' http://ift.tt/1G0KAAJ http://ift.tt/1yoHUq8; font-src 'self' http://ift.tt/1yoHUq8; frame-ancestors 'none'; report-uri http://404/;
Most of the resources are loaded properly but some are having issues.
This is the CSP report with the error:
{"csp-report":
{
"blocked-uri":"self",
"document-uri":"http://localhost:8080/moneta-dq/",
"original-policy":"default-src http://localhost:8080; script-src http://localhost:8080 'unsafe-eval'; style-src http://localhost:8080 http://ift.tt/1G0KAAJ http://ift.tt/1yoHUq8; font-src http://localhost:8080 http://ift.tt/1yoHUq8; frame-ancestors 'none'; report-uri http://404/",
"referrer":"",
"source-file":"http://localhost:8080/moneta-dq/",
"violated-directive":"style-src http://localhost:8080 http://ift.tt/1G0KAAJ http://ift.tt/1yoHUq8"
}
}
Any help would be appreciated. Thanks
Aucun commentaire:
Enregistrer un commentaire