Refuse to reload script (CORS) with my settings

Idan · January 31, 2021, 6:00pm

I get this error for scripts on my site:

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src

and

Either the 'unsafe-inline' keyword, a hash ('sha256-S+X8s301GQoAcOI+8hjPS+QG94Q='), or a nonce ('nonce-...') is required to enable inline execution.

I am using iubenda and adsense. I put DISCOURSE_ENABLE_CORS: true in app.yml and rebuild the app.

I put this in the security.

I still get the errors.

How to resolve that please.

Falco · January 31, 2021, 11:17pm

That error means you are trying to run a script inline, which is disallowed by your current CSP configuration.

You have two options:

Fix the script that is trying to execute the inline. (recommended)
Disable CSP (not recommended)

Topic		Replies	Views
Cannot see adsense ads - using official discourse ad plugin Support	3	859	January 27, 2023
How to fix problem with CSP Support	8	5331	March 9, 2022
We couldn't find the code on your site Support advertising	9	2305	October 18, 2022
A user cannot login due to CSP issue Support	5	431	September 30, 2023
JS script is not loading Support	3	2254	April 30, 2020

Refuse to reload script (CORS) with my settings

Related topics