Content-security-policy deny the script from third-party system, but few third-party application and system needs to be allow so that we can use their libraries in our web application. In this case since the content security policy blocked all script hence our application is unable to load any library from cdn.tiny.cloud host. Lets see the error ans solution in detail.
Error
Refused to load the script 'https://cdn.tiny.cloud/1/rashidjorvee/tinymce/6/tinymce.min.js' because it violates the following Content Security Policy directive: "script-src blob: data: 'unsafe-inline' 'unsafe-eval' 'self' rashidjorvee.com adobeaemcloud.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
Solution
Using dispatcher config we can solve this by adding content-security-policy and allow that domain.
<IfModule mod_headers.c>
Header add X-Vhost "publish"
Header always set X-XSS-Protection "1; mode=block"
Header always set content-security-policy "script-src blob: data: 'unsafe-inline' 'unsafe-eval' 'self' *.tiny.cloud *.adobeaemcloud.com
</IfModule>
No comments:
Post a Comment