Snippet of our CSP configuration
<IfModule mod_headers.c>
Header add X-Vhost "lorem"
Header set Content-Security-Policy
"default-src 'self';
form-action 'none';
script-src 'self' 'unsafe-eval' 'unsafe-hashes' https://cdn-apac.onetrust.com https://www.google.com https://assets.adobedtm.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com 'nonce-394726394026385629';
</IfModule>
We have added nonce to all <Script> tags. However, We are getting below console errors(I have added screenshots as well)
Kindly please help me to clear console errors. Thanks
Solved! Go to Solution.
Views
Replies
Total Likes
Hi
Each message provides you with the information needed to address every issue raised by your Content Security Policy (CSP). The reality is that this is a tune-up process, as it can be challenging to get the CSP working perfectly all at once— at least, that's my perspective. My recommendation is to use a Chrome extension to directly inject the CSP header into your browser (https://chromewebstore.google.com/detail/empty-title/idgpnmonknjnojddfkpgkljpfnnfcklj). This way, you can fine-tune it more quickly and safely, leading to a fully functional CSP.
From what I can see, your CSP should already address some of those issues. However, it appears that you are missing a closing quote and a semicolon, suggesting that your CSP may not be working as expected. Please validate it once with the tool I mentioned above:
<IfModule mod_headers.c>
Header add X-Vhost "lorem"
Header set Content-Security-Policy
"default-src 'self';
form-action 'none';
script-src 'self' 'unsafe-eval' 'unsafe-hashes' https://cdn-apac.onetrust.com https://www.google.com https://assets.adobedtm.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com 'nonce-394726394026385629';"
</IfModule>
Hope this helps.
Hi
Each message provides you with the information needed to address every issue raised by your Content Security Policy (CSP). The reality is that this is a tune-up process, as it can be challenging to get the CSP working perfectly all at once— at least, that's my perspective. My recommendation is to use a Chrome extension to directly inject the CSP header into your browser (https://chromewebstore.google.com/detail/empty-title/idgpnmonknjnojddfkpgkljpfnnfcklj). This way, you can fine-tune it more quickly and safely, leading to a fully functional CSP.
From what I can see, your CSP should already address some of those issues. However, it appears that you are missing a closing quote and a semicolon, suggesting that your CSP may not be working as expected. Please validate it once with the tool I mentioned above:
<IfModule mod_headers.c>
Header add X-Vhost "lorem"
Header set Content-Security-Policy
"default-src 'self';
form-action 'none';
script-src 'self' 'unsafe-eval' 'unsafe-hashes' https://cdn-apac.onetrust.com https://www.google.com https://assets.adobedtm.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com 'nonce-394726394026385629';"
</IfModule>
Hope this helps.
@mahesh_tesla Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found out solution yourself, please share it with the community.
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies