Hello! I’m have problem with CSP, how to fix this? [screen] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src https://mydomain.com/logs/ https://mydomain.com/sidekiq/ https://mydomain.com/mini-profiler-resources/ https://mydomain.com…

It’s not my forte, but I’ve had a search and you may need to rewrite the inline script you’re trying to use: [image] Refuse to reload script (CORS) with my settings That error means you are trying to run a script inline, which is disallowed by your current CSP configuration. You have two option…

I don’t want to disable CSP protection and I don’t have external scripts, I tried to disable all the plugins and the components of the topic, it didn’t help. I try add all this link to content security policy script src in the admin setting, problem was safe :frowning: https://mydomain.com/logs/ h…

You need to share your site URL for we to be able to help you.

Hm… It seems I found the reason, it seems that the problem occurs because I use the meta tag CSP in my theme: <meta http-equiv="Content-Security-Policy" content="img-src https://imgur.com https://giphy.com"> I need to use the img-src directive to limit the display of images from prohibited hosts. …

Oh that CSP directive will indeed break Discourse completely.

How I can change the default CSP directives in header, to added img-src without use meta tag? I’m try this in Rails, but nothing change: Rails.application.config.action_dispatch.default_headers.merge!({'Content-Security-Policy' => "upgrade-insecure-requests; base-uri 'self'; object-src 'none'; scri…

I’m delete this meta tag, bebuild and problem was safe :frowning:

How to fix problem with CSP

Support

JammyDodger March 9, 2022, 4:30pm 2

It’s not my forte, but I’ve had a search and you may need to rewrite the inline script you’re trying to use:

Topic		Replies	Views
Refuse to reload script (CORS) with my settings Support	1	1137	January 31, 2021
After upgrade the content security policy script src for GTM Data & reporting	4	1901	April 13, 2021
Can't get script tag to work in landing pages plugin due to content-security-policy Support	5	167	July 1, 2025
Mitigate XSS Attacks with Content Security Policy Site Management content-security-policy , how-to	32	24685	June 13, 2023
Add CSP nonce-source support Development	12	4054	November 2, 2018

How to fix problem with CSP

Related topics