2,924
questions
0
votes
0
answers
27
views
Content Security Policy in nextjs not loading the Nextjs script files
import { NextResponse } from "next/server";
export function middleware(request:any) {
const nonce = Buffer.from(crypto.randomUUID()).toString("base64");
const cspHeader = `
...
-4
votes
0
answers
59
views
We are unable to log you in at this time, please check your email for further information. send grid [closed]
Error: We are unable to log you in at this time, please check your email for further information.
We are unable to log you in at this time, ...
0
votes
1
answer
33
views
How to use unsafe-hashes Content Security Policy with Ruby on Rails
I have a Ruby on Rails application (rails v 6.1.7.9) which allows user-generated content, so I want to use a content security policy. I have one custom JavaScript call I want to trigger on an event ...
0
votes
0
answers
25
views
Content Security Policy causing double GETs and POSTs in new Firefox update?
I have an ASP.NET MVC site that started giving a new problem today. I have forms being POSTed twice, and when checking logs, I see GETs are being made twice as well.
This is happening in Firefox ...
0
votes
1
answer
33
views
Injected resources blocked from external scripts with `strict-dynamic` and `nonces`
I'm attempting to implement a CSP for a client and am running into some difficulties:
I have a script for Google Translate being pulled in
<script type="text/javascript" src="//...
0
votes
1
answer
49
views
Remove or replace the Content-Security-Policy (CSP) frame-ancestors 'self' directive that is autogenerated by the framework in .NET 9
I am creating an iFrame widget using .NET 9 Blazor. However, displaying it in an iFrame fails with the following error:
Refused to frame because an ancestor violates the following Content Security ...
0
votes
1
answer
40
views
Query Regarding Content Security Policy
I have a OneTrust script to be embedded in my project. Even after adding the code, the cookie banner is not accessible and is not popping up because of the configuration we used in our project. What ...
0
votes
0
answers
40
views
Setting CSP Headers to Allow JavaScript Files
I'm encountering a problem with something called CSP when trying to execute a JavaScript file in my project.
Error message in console:
bootstrapAutofill.ts…oader-R_TAdozE.js:8 Refused to load the ...
0
votes
0
answers
16
views
Content Security Policy reports an error, despite blocked-uri being in the original-policy
We added the Content-Security-Policy-Report-Only to our site, and are now examining the reports that got sent back to us. We got this interesting one on a facebook tracking pixel.
{
"csp-...
0
votes
2
answers
68
views
Duplicate Content Security Policies for frame ancestors generated (Blazor, IIS and Chrome)
I have published a web app (sub.domain.com) to an Internet Information Services (IIS) virtual server and now wish to display it in an iFrame on www.otherdomain.com. The published web.config file on ...
0
votes
0
answers
39
views
Executing Stringified JavaScript Code from a Content Script [duplicate]
I'm developing a browser extension that enables users to run custom JavaScript code, i.e., code submitted by them, on webpages they specify. I'm developing this extension on Manifest V3. Since ...
0
votes
1
answer
64
views
Google Analytics and "unsafe-inline" config for Content-Security-Policy
For security concerns, we replaced "unsafe-inline" with nonce for script-src in CSP config for the script in index.html.
script-src 'self' 'nonce-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
...
0
votes
0
answers
46
views
Not able to use My website(https) as iframe in index.html page. I'm using nginx in server
Scenario:
I have a web application. Now the client has also requested an Android application.
Now, rather than developing all the screens again, we thought of calling the already developed website ...
0
votes
0
answers
36
views
Extension refuses to load the script due to CSP violation
I'm an SE user often chatting in the physics and math chat rooms. Since yesterday, the chrome extension SE mathjax hasn't been able to render the mathjax formatted lines which I previously used to get ...
0
votes
0
answers
38
views
Content security policy Issue for ZAP scan with -unsafe-inline' option
In my application, I am configuring the Content Security Policy for script-src and style-src. When I include the 'unsafe-inline' option, it raises a vulnerability issue during the ZAP security scan. ...