I have some existing code that looks like this. i = new Function("obj", "_", s); The parameter s contains an executable javascript code, as a string. At a late
I have a very simple TagHelper which will add the current CSP nonce to a specified tag. This is all working fine until I start using asp-append-version along wi
I am trying to upgrade a Chrome extension to Manifest V3. Our current application makes use of webRequest and webRequestBlocking to modify the content-security-
I am creating an Electron application, and per the Electron security tutorial I have added a CSP meta tag. When running the application, this issue appears in d
I am currently creating an Electron app in which I would like to use react leaflet's maps functionality. This requires the use of external url's which throws CS
Our Vue js website contains dynamic url of css and src by different environment. Each environment have different domains. So the Content-Security-Policy contain
I have deployed Angular Application that uses ExcelJS library on IIS server. My current security policy forces me to return below header in IIS Http Response co
I have a complete html-page with inline js, inline-css and base46 encoded images, that I load as a base64 encoded data URI data:text/html;base64, ..... The Chr
I am trying to use this link in my github readme.md file but not able to see it after spending some time i got this error Refused to apply inline style because
I'm trying to add a game to Chrome Web Store as an extension, but I'm having some problems with it. The game is made in Unity3D. The Error: Refused to load the
I am working on an angular application.I am working in angular 8 application with CLI.My application is running on local server without any failure. On deployi
I want Cypress to go through every page to see on a website to see if there are any console errors and if so, make it known to the user running the test. (I'm t
I have a site using Bootstrap 5 that includes the following input tag: <input class="form-check-input ms-1" id="validated" name="validated" type="checkbox" c
My build process generates index.html with tag <style>, but because of I use CSP and i dont want to insert into my code style-src 'unsafe-inline' it doese
A few months ago, I added security headers to all of the pages on my website. The Mozilla Observatory detected the changes then and the score increased to B+. T
I keep getting this error: Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self' data: g
I'm composing a fairly large CSP and deploying it to CloudFront with CloudFormation. The old CSP worked, but the new one doesn't. It doesn't look like it has an
I have integrated the single-sign-on in our application using WsFedration(ADFS) after the sign-out, it's redirecting to the page as successfully log out and bac
I have an iframe tag with the src being another webpage on a different server. I have the ability to modify the headers of both sites. Before I started implemen
I have a web app which uses localStorage. Now we want to embed this web app on other (third-party) sites via iframe. We want to provide an iframe embed similar