Not really sure how I should be doing this.Ĭ/hash/ CSP guide on hashes, I should beĪble to add the hash as per my console to the directive.
How exactly is the correct way to hash a CSP directive? And why are there multiple errors for the same directive, is this basically one for each domain specified? Should one hash cover all the domains specified? script-src 'self' 'sha256-oKmCrr+GWRARSXYeVJshOWETr0oqOtt73CNO8efpujQ=' The easiest way to generate it is to just open the developer tools console and it will output what the expected hash of your script was in the console error message.īut if I modify my directive to include the hash (example below), I still get the same error in console (obviously with a different hash). Specifically in this example: script-src 'self' From what I gathered from reading the CSP guide on hashes, I should be able to add the hash as per my console to the directive. Here is the corresponding content security policy directive: add_header Content-Security-Policy "default-src 'self' script-src 'self' style-src 'self' img-src 'self' font-src 'self' " Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' Either the 'unsafe-inline' keyword, a hash ('sha256-pS4U圓ilo+JLn8IadtJGfyO9z7jqIrGUONfEUDLxoPk='), or a nonce ('nonce-.') is required to enable inline execution. I am trying to use a hash with my content security policy.īelow are two example errors in my console: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' Either the 'unsafe-inline' keyword, a hash ('sha256-oKmCrr+GWRARSXYeVJshOWETr0oqOtt73CNO8efpujQ='), or a nonce ('nonce-.') is required to enable inline execution.
0 kommentar(er)
