On 9/17/2020 4:17 PM, Jim Albert wrote:
On 9/17/2020 3:27 PM, Jason Long wrote:Hello,When I added "Header set Content-Security-Policy "default-src 'self';"" to "httpd.conf" then my website style and some graphical features are disable.Why? Thank you.Use your browser's developer tools (usually F12) to view your console errors and warnings. The console will tell you what content your CSP might be blocking. Until you have your CSP set properly you can use a report only CSP header to report what's getting blocked without actually blocking it.https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Onlyhttps://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
Sorry.. I should have phrased the above as:"Until you have your CSP set properly you can use a report only CSP header to report what's in violation of your CSP without actually blocking it."
Jim --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|