Using Safari 11.0 I am receiving an error trying to load a CSS resource on a website I maintain. The page loads fine in Chrome and Firefox, and used to load fine in Safari, so I'm not sure how to resolve it. I'm guessing I need to modify the Content-Security-Policy
header.
The specific error from the Safari console is Refused to load https://****.com/css/styles.css because it does not appear in the style-src directive of the Content Security Policy.
As a result of this, the styles.css
file isn't loading and the website is rendered incorrectly.
The security headers for the website (set via caddy) are:
Content-Security-Policy default-src 'self' https:; script-src 'self'; style-src 'self'; object-src 'none' Content-Type text/html; charset=utf-8 Referrer-Policy strict-origin Server Caddy Strict-Transport-Security max-age=31536000; includeSubDomains; preload
Change the style-src
part of the Content-Security-Policy
header value so that it's instead style-src 'self' https://****.com
. That is, replace the ****.com
in https://****.com
with whatever the actual hostname is.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.