Saturday, 3 July 2021

Receiving Content Security Policy errors with no Content Security Policy header present

I am integrating with a third-party library (Chargebee) and I am receiving Content Security Violation errors.

As far as I can tell, I don't have CSP defined in my web page as it doesn't return a CSP response header:

Although, when trying to utilise this library I'm getting errors along the lines of:

Questions

  1. I'm using other third-party JS libraries, why am I not getting this error for any others? I've never had to specify a CSP for any previously.

  2. If I do actually define a CSP, I'm then blocking the other third-party libraries. Can I allow Chargebee without then blocking others (and without having to include them all in the CSP)?

It doesn't make sense. It suggests that I don't have a CSP defined, seeing as it's not returned in my headers and I can use third-party resources; I have even verified this using the Chrome CSP evaluator extension. And yet, the error messages show that I do have a CSP policy defined.

Am I missing something?
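
An added example, not part of the original post: a policy can reach a document through a `<meta http-equiv="Content-Security-Policy">` element as well as through a response header, and a framed third-party document is governed by the policy on its own response, so an empty header list on the top-level page does not rule a policy out. The Python below lists every policy attached to one document and the directive that governs script loads; the sample headers, HTML and `cdn.example` host are constructed.

```python
from html.parser import HTMLParser

CSP_HEADERS = ("content-security-policy", "content-security-policy-report-only")

class _MetaCSP(HTMLParser):
    """Collects policies delivered as <meta http-equiv="Content-Security-Policy">."""
    def __init__(self):
        super().__init__()
        self.policies = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "content-security-policy":
            self.policies.append(a.get("content") or "")

def parse_policy(policy):
    """Split one policy string into {directive: [source expressions]}."""
    out = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            out.setdefault(tokens[0].lower(), tokens[1:])  # first occurrence wins
    return out

def find_csp_sources(headers, html):
    """Return [(where, directives)] for every policy attached to one document."""
    found = []
    for name, value in headers.items():
        if name.lower() in CSP_HEADERS:
            for policy in value.split(","):  # one header may carry several policies
                found.append((f"header:{name.lower()}", parse_policy(policy)))
    meta = _MetaCSP()
    meta.feed(html)
    found += [("meta", parse_policy(p)) for p in meta.policies]
    return found

def governing_script_directive(directives):
    """<script src> loads fall back: script-src-elem, script-src, default-src."""
    for name in ("script-src-elem", "script-src", "default-src"):
        if name in directives:
            return name, directives[name]
    return None, []

# Constructed sample: no CSP response header, but the HTML carries a meta policy.
SAMPLE_HEADERS = {"Content-Type": "text/html; charset=utf-8", "Cache-Control": "no-cache"}
SAMPLE_HTML = """<!doctype html><html><head>
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' https://cdn.example">
</head><body></body></html>"""

if __name__ == "__main__":
    for where, directives in find_csp_sources(SAMPLE_HEADERS, SAMPLE_HTML):
        print(where, governing_script_directive(directives))
```

Run it once per document involved, the embedding page and any framed third-party page, since each document is checked against its own policies.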
