-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CSP blocking up.reload
even with unsafe-eval
#493
Comments
When you're seeing the error, what is the value of |
That's curious. The function just tests if we can use Lines 63 to 72 in 78b1dc0
|
I'll leave my solution for reference: I had an unnoticed Apparently, browsers give precedence to what is in the there over from what is comming in the CSP headers. Removing the tag solved the problem. |
Bug description
Whenever my links opens a new layer and uses the
up-on-accepted
directive, I'm receiving an error saying that CSP is not allowed to execute scripts:I've set my server-side (Django app) to respond with headers specified in the docs:
Reproduction project
Can't reproduce in glitch.
Steps to reproduce the behavior:
up-on-accepted
directive that reload contents:up-accept-location
Expected behavior
Should not throw error since CSP headers are set.
Browser version
Additional context
I'm seeing this after upgrading from 2.7.7 to 3.1.1 (and an update to Django Framework)
The text was updated successfully, but these errors were encountered: