Discourse refused to load with CSP policy error after rebuild

Hi,

I just upgraded discourse and reinstalled with “tests-passed” as “stable” was giving me mini_racer error. After installation, I am getting a blank page and log shows the following error.

Refused to load https://www.domain.com/community/assets/browser-update-1741a2ed67a367faeb0a582af064457e8b1b1354e52e6efcf8bf26301166dec8.js because it does not appear in the script-src directive of the Content Security Policy.

However, I don’t think if I have enabled CSP in the server configuration.

There were some changes to the csp stuff lately. How long has it been since your last upgrade?

You might need to modify those site settings at the rails console.

well I am upgrading after several days or maybe 2-3 months I do not even remember…

However, I removed the images and installed from scratch but its still the same.

CSP is now on by default, but for some reason, your instance isn’t working right. You can disable CSP temporarily by:

./launcher enter app
rails c

and then in the rails console

SiteSetting.content_security_policy = false
7 Likes

yes its working now. Thank you. When will stable release be available? I mean currently its giving me mini racer error.

Update: Now I am unable to restore the previous backup which I made on stable release, but this time as stable is giving error so I am using tests-passed.