https://stackoverflow.com/questions/14958829
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianJust merge the directive values:
script-src 'self' 'unsafe-eval' https://connect.facebook.net; object-src 'self'
How to allow unsafe-eval and Remote Script - CSP Content Security Policy
Pergunta
"GOOGLE EXTENSION WEB APP"
Drives me nuts.
I can't manage to have unsafe-eval and remote script both working.
I can have unsafe eval but the remove script doesn't work. And vice verso.
What failed:
Eval and Remote
"content_security_policy": "script-src https://connect.facebook.net 'unsafe-eval'; object-src 'self' "
What works:
Only Remote
"content_security_policy": "script-src 'self' https://connect.facebook.net; object-src 'self' "
Only Eval
"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self' "
How to have both ?
Solução
Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow
