
Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'"

My HTML file looks like the one below. When I launch the HTML file, it says the Content Security Policy is broken. How do I fix it from the HTML side?

<html>
<head>
  <title></title>
  <!-- external script from the same origin; allowed by 'self' -->
  <script type="text/javascript" src="URLCode.js"></script>
</head>
<!-- the inline onload handler is what "default-src 'self'" refuses to execute -->
<body onload='window.location.replace(URLalter(window.location.href));'>
</body>
</html>

JS code (URLCode.js):

// Appends a single space to the current URL before the page redirects to it.
function URLalter(entryURL) {
  var entryPoint = entryURL + " ";
  return entryPoint;
}

How do I fix it from the HTML side?

Easy answer: you don't. The server is most definitely responsible for this, and with good reason, but let's say those reasons are simply security. You may bypass this by adjusting your headers, but it will not be done on the client side at all!

That's bad.

You can maybe get comfortable with these security features often applied and understand the different headers/measures taken: contentSecurityPolicy, dnsPrefetchControl, expectCt, frameguard, hidePoweredBy, hsts, ieNoOpen, noSniff, permittedCrossDomainPolicies, referrerPolicy, and xssFilter
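To make the answer concrete, here is an added example (not code from the question or the answer above) that models how a browser resolves `default-src 'self'` for script execution, shows why the inline `onload=` attribute is refused, and shows the page once the handler has been moved into `URLCode.js`, which is the fix that keeps the server's policy intact. It assumes Node.js 18+; the HTML, the script and the header values are constructed for the example, and nonce-/hash-sources and host wildcards are not modelled.

```javascript
// Added example, not from the original post: a small CSP resolver plus the
// original and fixed markup. Assumptions: Node.js 18+; constructed inputs;
// nonce-/hash-sources and host wildcards are deliberately not modelled.

// Directives that fall back to default-src when they are absent.
const FETCH_DIRECTIVES = new Set([
  'script-src', 'style-src', 'img-src', 'font-src', 'connect-src', 'frame-src',
]);

// Parse a Content-Security-Policy header value into Map<directive, sources[]>.
function parseCsp(headerValue) {
  const policy = new Map();
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Browsers ignore a repeated directive; the first occurrence wins.
    if (!policy.has(name)) policy.set(name, tokens.slice(1).map((s) => s.toLowerCase()));
  }
  return policy;
}

// Effective source list for a directive: the directive itself if present,
// otherwise default-src (the fallback the browser message refers to).
// null means unrestricted.
function effectiveSources(policy, directive) {
  if (policy.has(directive)) return policy.get(directive);
  if (FETCH_DIRECTIVES.has(directive) && policy.has('default-src')) return policy.get('default-src');
  return null;
}

// Inline <script> bodies and inline event handlers (onload=, onclick=, ...)
// run only when the effective script-src contains 'unsafe-inline'.
function inlineScriptAllowed(headerValue) {
  const sources = effectiveSources(parseCsp(headerValue), 'script-src');
  return sources === null || sources.includes("'unsafe-inline'");
}

// An external script is allowed when its origin matches 'self' (the page's
// own origin) or is listed explicitly; 'none' blocks everything.
function externalScriptAllowed(headerValue, scriptUrl, pageOrigin) {
  const sources = effectiveSources(parseCsp(headerValue), 'script-src');
  if (sources === null) return true;
  if (sources.includes("'none'")) return false;
  const page = new URL(pageOrigin).origin;
  const script = new URL(scriptUrl, pageOrigin).origin;
  return sources.some((src) => (src === "'self'" ? script === page : src === script));
}

// Find inline event-handler attributes such as the question's <body onload=...>.
function inlineHandlers(html) {
  return [...html.matchAll(/\s(on[a-z]+)\s*=/gi)].map((m) => m[1].toLowerCase());
}

// The question's markup (reconstructed from the post) and the fixed version.
const ORIGINAL_HTML = `<html><head><title></title>
<script type="text/javascript" src="URLCode.js"></script></head>
<body onload='window.location.replace(URLalter(window.location.href));'></body></html>`;

const FIXED_HTML = `<html><head><title></title>
<script type="text/javascript" src="URLCode.js"></script></head>
<body></body></html>`;

// The redirect moves into URLCode.js, which 'self' already permits.
const FIXED_URLCODE_JS = `function URLalter(entryURL) { return entryURL + " "; }
window.addEventListener('load', function () {
  window.location.replace(URLalter(window.location.href));
});`;

// Does the whole page load under the policy? Every inline handler must be
// allowed and every external script must come from an allowed source.
function pageAllowed(headerValue, html, pageOrigin) {
  if (inlineHandlers(html).length > 0 && !inlineScriptAllowed(headerValue)) return false;
  const srcs = [...html.matchAll(/<script[^>]*\ssrc=["']([^"']+)["']/gi)].map((m) => m[1]);
  return srcs.every((src) => externalScriptAllowed(headerValue, src, pageOrigin));
}

const POLICY = "default-src 'self'";        // the server's policy from the error
const ORIGIN = 'https://app.example';       // constructed page origin
console.log('original page allowed:', pageAllowed(POLICY, ORIGINAL_HTML, ORIGIN)); // false
console.log('fixed page allowed:   ', pageAllowed(POLICY, FIXED_HTML, ORIGIN));    // true
// Adding 'unsafe-inline' would also "fix" it, but it re-opens inline script injection.
console.log('weakened policy:      ', inlineScriptAllowed("script-src 'self' 'unsafe-inline'")); // true
console.log(FIXED_URLCODE_JS);
```

The point the resolver makes visible: with no `script-src` of its own, the policy's `default-src 'self'` governs scripts, and `'self'` permits same-origin files like `URLCode.js` but never inline attributes. Registering the load handler from inside the external file therefore works under the existing server header, whereas adding `'unsafe-inline'` only works by giving up the protection the header was deployed for.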

