Content Security Policy: Refused to load image

Time:12-08

I'm getting the following Content Security Policy error:

Refused to load the image https://www.xy.de/images/icons/shirt.png because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

I want to fix this error with the use of my .htaccess file. I tried to set the header like this:

<IfModule mod_headers.c>
    # CSP directives are separated by semicolons
    Header always set Content-Security-Policy "script-src 'none'; img-src 'self' data:"
</IfModule>

This shows no effect; I still get the same CSP error. What would be the correct way to set up the header?

CodePudding user response:

Based on your input and the error message, you are likely trying to add a CSP to a page that already has one. Adding another policy won't make the existing one less strict. The existing policy can be found in a response header or a meta tag. You need to identify the policy and where it is set, and modify that one. Alternatively, you can remove it and use the one you have shown above.
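
An added example (not part of the original question or answer): a simplified JavaScript model of how a browser checks an image against every CSP delivered with a page, showing why a second policy cannot loosen the first and why editing the existing one works. The page origin `https://xy.de` and the extra `https://www.xy.de` source are assumptions; only `'self'`, scheme sources and exact origins are modelled.

```javascript
// Simplified model of CSP image checks (added example). Handles only 'self',
// scheme sources such as data:, and exact-origin host sources.
function parsePolicy(text) {
  const directives = new Map();
  for (const part of text.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // The first occurrence of a directive wins; duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

function policyAllowsImage(policy, pageOrigin, imageUrl) {
  // img-src falls back to default-src; with neither, images are unrestricted.
  const sources = policy.get("img-src") ?? policy.get("default-src");
  if (sources === undefined) return true;
  const url = new URL(imageUrl);
  return sources.some((src) => {
    if (src === "'self'") return url.origin === pageOrigin;
    if (src.startsWith("'")) return false; // keywords like 'unsafe-inline' match no URL
    if (/^[a-z][a-z0-9+.-]*:$/i.test(src)) return url.protocol === src.toLowerCase();
    try {
      return new URL(src).origin === url.origin;
    } catch {
      return false; // source syntax not supported by this model
    }
  });
}

// Every policy delivered with the page (headers and meta tags) must allow the load.
function imageAllowed(policies, pageOrigin, imageUrl) {
  return policies.every((p) => policyAllowsImage(parsePolicy(p), pageOrigin, imageUrl));
}

const PAGE = "https://xy.de"; // assumed page origin, not stated on the page
const IMG = "https://www.xy.de/images/icons/shirt.png";
const EXISTING = "default-src 'self' 'unsafe-inline'";
const EXTRA = "img-src 'self' data: https://www.xy.de"; // assumed extra source

console.log(imageAllowed([EXISTING], PAGE, IMG));                // existing policy alone
console.log(imageAllowed([EXISTING, EXTRA], PAGE, IMG));         // second header added
console.log(imageAllowed([`${EXISTING}; ${EXTRA}`], PAGE, IMG)); // existing policy edited
```

To see which policies a response really carries, check the response headers and the page's meta tags in the browser's developer tools; each one is enforced independently.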
