Refused to load the script : Content-Security-Policy

6.2k Views Asked by Tarun U M At 20 October 2024 at 09:31

Refused to load the script 'https://cdnjs.cloudflare.com/ajax/libs/axios/0.18.0/axios.min.js' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

**script(src='https://cdnjs.cloudflare.com/ajax/libs/axios/0.18.0/axios.min.js')**

so i tried adding this meta header though it throws the same error

meta(http-equiv='Content-Security-Policy' content="script-src 'self' https://cdnjs.cloudflare.com/ 'unsafe-inline' 'unsafe-eval'")

Original Q&A

There are 2 best solutions below

Alpha On 25 April 2023 at 15:04 BEST ANSWER

if you are using helmet in node then this worked for me

app.use( helmet({ contentSecurityPolicy: false }) );

Halvor Sakshaug On 28 March 2023 at 06:59

You likely have a default Content Security Policy served as a response header. Adding another policy in meta tag can only make it stricter as all content needs to pass all policies. You need to identify what sets the CSP with "script-src 'self'" and modify that policy.

Refused to load the script : Content-Security-Policy

There are 2 best solutions below

Related Questions in JAVASCRIPT

Related Questions in AXIOS

Related Questions in CONTENT-SECURITY-POLICY

Related Questions in SCRIPT-SRC

Trending Questions

Popular # Hahtags

Popular Questions