Multiple JS error due to content-security-policy

Skip to first unread message

Krunal Jariwala

Mar 31, 2020, 8:20:07 AM3/31/20
to ngx-pagespeed-discuss

With pagespeed module on nginx, we get multiple js related error causing imp site feature to fail. Check

Content Security Policy: The page’s settings blocked the loading of a resource at data:text/javascript,… (“script-src”). js_defer.I4cHjq6EEP.js:9:506

Current content-security-policy set in header is : content-security-policy: default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';

We get the related error on Chrome as well:

js_defer.I4cHjq6EEP.js:9 Refused to load the script 'data:text/javascript,window.pagespeed.psatemp%3D0%3B' because it violates the following Content Security Policy directive: "script-src * 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

I am not sure, how to fix this. Can you pls advise.

Reply all
Reply to author
0 new messages