CSP: Directive 'inline script base restriction' violated #137

Open
michielbdejong opened this issue Dec 18, 2011 · 2 comments
@michielbdejong

When visiting http://demos.webintents.org/ using Firefox (in my case FF 9.0 on Mac OS X Lion), you see the following error in the Firebug console:

CSP: Directive "inline script base restriction" violated
var _gaq = _gaq || []; _gaq.push(['... demos....nts.org (line 85)

CSP: Directive "inline script base restriction" violated
(function() { var po = document.createE... demos....nts.org (line 98)

This issue seems to come from the CSP header:
curl -i http://demos.webintents.org | head
[...]
X-Content-Security-Policy: allow 'self'; img-src *; script-src www.google-analytics.com apis.google.com;
[...]

where probably script-src needs an additional 'self' or '' or something of the kind. It also stops you from executing JavaScript in the Firebug console.

This seems to cause web intents to not work at all in Firefox (or at least I couldn't get it to work and couldn't debug what was happening, due to this script restriction).

@PaulKinlan
Owner

It looks like 'self' and webintents.org are needed. Fixing now. Hopefully deployed soon.

@PaulKinlan
Owner

It is actually quite a bit more involved. Need to add unsafe-inline and font-src and frame-src.
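
Added example, not part of the issue thread or the project's code: a simplified source-list check showing why the header quoted in the report blocks both inline and same-origin scripts, and what adding 'self' and 'unsafe-inline' to script-src changes. It assumes standard CSP matching reduced to host comparison and treats the legacy `allow` directive as the fallback; the two modified policies and the `app.js` URL are constructed for illustration.

```javascript
// Simplified CSP check: hosts only; schemes, ports, paths, nonces and hashes are not modelled.
// Assumption: the legacy `allow` directive is the fallback, like `default-src`.
function parsePolicy(header) {
  const policy = Object.create(null);
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    if (name && !(name in policy)) policy[name] = sources; // first occurrence wins
  }
  return policy;
}

// Source list that governs scripts, or null when nothing restricts them.
const scriptSources = (p) => p['script-src'] || p['default-src'] || p['allow'] || null;

// An inline <script> block runs only if the governing list has 'unsafe-inline'.
function allowsInlineScript(policy) {
  const list = scriptSources(policy);
  return list === null || list.includes("'unsafe-inline'");
}

// May a page at pageUrl load an external script from scriptUrl?
function allowsScriptFrom(policy, scriptUrl, pageUrl) {
  const list = scriptSources(policy);
  if (list === null) return true;
  const script = new URL(scriptUrl);
  return list.some((src) => {
    if (src === '*') return true;
    if (src === "'self'") return script.origin === new URL(pageUrl).origin;
    if (src.startsWith("'")) return false; // other keywords never match a URL
    const host = src.replace(/^[a-z][a-z0-9+.-]*:\/\//, '').split(/[/:]/)[0];
    if (host.startsWith('*.')) return script.hostname.endsWith(host.slice(1));
    return script.hostname === host;
  });
}

const PAGE = 'http://demos.webintents.org/';
// Header value quoted in the issue.
const REPORTED = "allow 'self'; img-src *; script-src www.google-analytics.com apis.google.com;";
// Constructed variants for comparison (not the project's deployed policy).
const WITH_SELF = "allow 'self'; img-src *; script-src 'self' www.google-analytics.com apis.google.com;";
const WITH_INLINE = "allow 'self'; img-src *; script-src 'self' 'unsafe-inline' www.google-analytics.com apis.google.com;";

function report(header) {
  const p = parsePolicy(header);
  return { inline: allowsInlineScript(p),
    sameOrigin: allowsScriptFrom(p, PAGE + 'app.js', PAGE), // app.js is a hypothetical file
    analytics: allowsScriptFrom(p, 'http://www.google-analytics.com/ga.js', PAGE) };
}
for (const h of [REPORTED, WITH_SELF, WITH_INLINE]) console.log(h, report(h));
```

Because script-src is present, it replaces the `allow 'self'` fallback for scripts entirely, which is why same-origin scripts are refused under the reported header. 'unsafe-inline' re-enables every inline script on the page, so moving the two inline snippets into same-origin files would satisfy the 'self' variant without it.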
