CSP Error: Endpoint Not Permitted Even Though Referenced in Policy?

Time: 12-04

I'm getting this CSP error:

Refused to connect to 'https://cdn.userway.org/remediations/consolidated/123451234/s2345234g5.json' because it violates the following Content Security Policy directive: "connect-src 'self' https://cdn.userway.org/*".

I was expecting https://cdn.userway.org/* in the policy to permit https://cdn.userway.org/remediations/consolidated/123451234/s2345234g5.json.

What's the correct way to edit the policy so as to avoid this error?

CodePudding user response:

Change connect-src 'self' https://cdn.userway.org/* to connect-src 'self' https://cdn.userway.org. CSP does not allow using * in the path part (the trailing slash is optional).

In most web templates the wildcard `*` is interpreted very broadly, for example in Cordova:

<allow-navigation href="*://*.example.com/*" />
<allow-navigation href="http://*/*" />

so this often leads to confusion with CSP.
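To make the matching rule concrete, here is an added example (not code from the answer above or from any browser) that implements the host-source matching of CSP Level 3 for scheme, host, port and path, and runs it against the request URL and the two directive values from the question. The function names, the `pageScheme` parameter (the protected page is assumed to be served over https, which decides what a scheme-less source such as `cdn.userway.org` means) and the handling of `'self'` (simply skipped) are this example's own choices. The point it demonstrates: `*` is a wildcard only as the whole host, as the leftmost host label (`*.example.com`) or as the port; a path part is compared literally, exactly when it does not end in `/` and as a prefix when it does, so `https://cdn.userway.org/*` only ever allows the literal path `/*`.

```javascript
// Minimal CSP host-source matcher following the CSP Level 3 rules for
// scheme-part, host-part, port-part and path-part. Keyword sources ('self',
// nonces, hashes) are out of scope and are skipped by checkConnectSrc.
const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

// Parse "[scheme://]host[:port][path]" into its parts. Note that the path
// group deliberately accepts "*" as an ordinary character: in a host-source
// it is a literal, not a wildcard.
function parseHostSource(expr) {
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*|(?:\*\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)*)(?::(\*|\d+))?(\/[^;,\s]*)?$/i.exec(expr);
  if (!m) throw new Error(`not a host-source: ${expr}`);
  return {
    scheme: m[1] ? m[1].toLowerCase() + ":" : null,
    host: m[2].toLowerCase(),
    port: m[3] ?? null,   // null = no port-part in the expression
    path: m[4] ?? "",     // "" = no path-part in the expression
  };
}

// "http" sources also permit https, and "ws" sources also permit wss.
function schemeMatches(exprScheme, urlScheme) {
  if (exprScheme === urlScheme) return true;
  return (exprScheme === "http:" && urlScheme === "https:") ||
         (exprScheme === "ws:" && urlScheme === "wss:");
}

// "*" matches any host; "*.example.com" matches any host with at least one
// extra label in front of ".example.com"; anything else must match exactly.
function hostMatches(exprHost, urlHost) {
  if (exprHost === "*") return true;
  if (exprHost.startsWith("*.")) {
    const suffix = exprHost.slice(1);
    return urlHost.endsWith(suffix) && urlHost.length > suffix.length;
  }
  return exprHost === urlHost;
}

function decodePath(p) {
  try { return decodeURIComponent(p); } catch { return p; }
}

// Does a single host-source expression allow urlString? pageScheme stands in
// for the protected resource's origin when the expression has no scheme.
function matchesHostSource(expr, urlString, pageScheme = "https:") {
  const src = parseHostSource(expr);
  const url = new URL(urlString);
  if (!schemeMatches(src.scheme ?? pageScheme, url.protocol)) return false;
  if (!hostMatches(src.host, url.hostname)) return false;
  // URL() reports "" for a scheme-default port, so fill that in for comparison.
  const urlPort = url.port || DEFAULT_PORTS[url.protocol] || "";
  if (src.port === null) {
    if (url.port !== "") return false;          // no port-part: default port only
  } else if (src.port !== "*" && src.port !== urlPort) {
    return false;
  }
  if (src.path === "") return true;             // no path-part: any path
  const exprPath = decodePath(src.path);
  const urlPath = decodePath(url.pathname);
  return exprPath.endsWith("/") ? urlPath.startsWith(exprPath) : urlPath === exprPath;
}

// Evaluate a whole connect-src value: allowed if any host-source matches.
// Keyword sources in quotes ('self', 'none', ...) are skipped in this example.
function checkConnectSrc(directiveValue, urlString, pageScheme = "https:") {
  return directiveValue.split(/\s+/)
    .filter(s => s && !s.startsWith("'"))
    .some(s => matchesHostSource(s, urlString, pageScheme));
}

// The request URL from the question.
const REQUEST = "https://cdn.userway.org/remediations/consolidated/123451234/s2345234g5.json";

console.log(checkConnectSrc("'self' https://cdn.userway.org/*", REQUEST));  // → false
console.log(checkConnectSrc("'self' https://cdn.userway.org", REQUEST));    // → true
```

Run with `node csp-match.js`. The `/*` form fails because the path part is a literal that must equal the request path exactly; dropping it, or using a trailing-slash prefix such as `https://cdn.userway.org/remediations/`, allows the request. Note that `https://cdn.userway.org/remediations` without the trailing slash does not, since a path part that does not end in `/` requires an exact match.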
