Refuse to reload script (CORS) with my settings

I get this error for scripts on my site:

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src


Either the 'unsafe-inline' keyword, a hash ('sha256-S+X8s301GQoAcOI+8hjPS+QG94Q='), or a nonce ('nonce-...') is required to enable inline execution.

I am using iubenda and adsense. I put DISCOURSE_ENABLE_CORS: true in app.yml and rebuild the app.

I put this in the security.

I still get the errors.

How to resolve that please.

That error means you are trying to run a script inline, which is disallowed by your current CSP configuration.

You have two options:

  1. Fix the script that is trying to execute the inline. (recommended)

  2. Disable CSP (not recommended)