I have configured an S3 static website with CloudFront, Lambda@Edge and AWS Cognito. When I open the CloudFront URL after authenticating with Cognito, it shows the above errors saying that it is not able to load the page due to security issues.
Repo: https://github.com/qoomon/aws-s3-bucket-browser
Link to refer: https://medium.com/@saurishkar/setting-up-aws-http-authentication-on-cloudfront-s3-using-cognito-and-lambda-edge-166ee38d471e
I added the line below to the HTML, but it still gives an error.
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' * ">
Error: Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”)
Any help appreciated.
CodePudding user response:
CSPs can be expressed in HTTP headers and in HTML <meta> tags, but HTTP headers trump <meta> tags.
If you added a CSP using a <meta> tag but you had CSP-related error messages before, then you haven't done anything useful, since the existing HTTP headers will override the <meta> tag.
Remove the <meta> tag again. Then change the HTTP headers.
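One way to make the header change the answer recommends, as an added example (not code from the linked repo or article): a Lambda@Edge origin-response handler that rewrites the `Content-Security-Policy` header and, going a step beyond the thread, allows known inline scripts by hash instead of `'unsafe-inline'`. The function names, the fallback policy and the sample inline script are constructed assumptions.

```javascript
// Added example: Lambda@Edge origin-response handler (Node.js), not the repo's code.
const crypto = require('crypto');

// CSP hash source for one inline <script>: SHA-256 over the exact text between the tags.
function inlineScriptHash(scriptText) {
  const digest = crypto.createHash('sha256').update(scriptText, 'utf8').digest('base64');
  return `'sha256-${digest}'`;
}

// Parse "name src1 src2; name2 src3" into Map(directive -> sources); first duplicate wins.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

function serializeCsp(directives) {
  return [...directives].map(([name, sources]) => [name, ...sources].join(' ')).join('; ');
}

// Rewrite the response's CSP header so script-src also allows the given inline scripts.
// Assumes at most one CSP header on the origin response (hypothetical fallback otherwise).
function allowInlineScripts(response, inlineScripts) {
  const existing = response.headers['content-security-policy'];
  const directives = parseCsp(existing ? existing[0].value : "default-src 'self'");
  // script-src falls back to default-src, so start from those sources when it is absent.
  const base = directives.get('script-src') || directives.get('default-src') || [];
  const scriptSrc = base.filter((s) => s !== "'none'");
  for (const text of inlineScripts) {
    const hash = inlineScriptHash(text);
    if (!scriptSrc.includes(hash)) scriptSrc.push(hash);
  }
  directives.set('script-src', scriptSrc);
  response.headers['content-security-policy'] = [
    { key: 'Content-Security-Policy', value: serializeCsp(directives) },
  ];
  return response;
}

// Constructed sample: the exact body of an inline <script> in the served HTML.
const INLINE_SCRIPTS = ["window.bucketBrowserConfig = { title: 'demo' };"];
const handler = async (event) =>
  allowInlineScripts(event.Records[0].cf.response, INLINE_SCRIPTS);
if (typeof module !== 'undefined') module.exports = { handler };
```

The hash only matches if the script text is byte-for-byte identical to what the page serves, so it has to be regenerated whenever the inline script changes.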