Content Security Policy messages are not really helpful
Categories
(Core :: DOM: Security, enhancement, P3)
People
(Reporter: leplatrem, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-backlog1])
While loading my Web page I can see this message in the Console:
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“default-src”).
It does not say anything else (resource? is it script? style?).
And it's really hard to figure out what should be done.
I opened it in Chromium and could read this: Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-TYbwAL1uG5EtDAXm/G5TBQKUeiNI1JIfLMh/yMtxDNM='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
That is slightly more helpful!
I now know it's about a style and that it uses default-src because nothing was explicitly set.
That's it, a quick feedback for some improvement areas ;)
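Added example, not part of the original report or of any browser's code: a `securitypolicyviolation` listener that builds the kind of message the report asks for, naming the effective directive and whether a fallback such as `default-src` applied. The function names, the layout of the fallback table and the message wording are assumptions of this example.

```javascript
// Fetch directives whose fallback is more than just default-src (CSP Level 3).
const FALLBACK = {
  'script-src-elem': ['script-src', 'default-src'],
  'script-src-attr': ['script-src', 'default-src'],
  'style-src-elem': ['style-src', 'default-src'],
  'style-src-attr': ['style-src', 'default-src'],
  'worker-src': ['child-src', 'script-src', 'default-src'],
  'frame-src': ['child-src', 'default-src'],
};

// Parse a serialized policy into Map(directive name -> source expressions).
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of String(policy || '').split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Build a readable message from a SecurityPolicyViolationEvent-like object.
function describeViolation(e) {
  // Some engines only fill violatedDirective, sometimes with its sources.
  const effective = (e.effectiveDirective || e.violatedDirective || '')
    .trim().split(/\s+/)[0].toLowerCase();
  const directives = parsePolicy(e.originalPolicy);
  // Non-fetch directives (e.g. frame-ancestors) have no fallback, but they
  // only fire when present in the policy, so they match first in the chain.
  const chain = [effective, ...(FALLBACK[effective] || ['default-src'])];
  const enforced = chain.find((d) => directives.has(d));
  if (!enforced) return `CSP blocked "${e.blockedURI}" (${effective})`;
  const where = e.sourceFile ? ` at ${e.sourceFile}:${e.lineNumber || 0}` : '';
  let msg = `CSP blocked "${e.blockedURI}" (${effective})${where}; ` +
    `enforced directive: "${[enforced, ...directives.get(enforced)].join(' ')}".`;
  if (enforced !== effective) {
    msg += ` '${effective}' was not set, so '${enforced}' is used as a fallback.`;
  }
  return msg;
}

// In a page, log every violation; skipped when no DOM is present.
if (typeof document !== 'undefined') {
  document.addEventListener('securitypolicyviolation',
    (e) => console.warn(describeViolation(e)));
}
```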
Comment 1•5 years ago
I know, we are working on it -> see bug 1242016.
Comment 2•2 years ago
We are working on improving the error messages in other bugs; this doesn't really provide anything new.