Solved

bypassing the CSP error, load the script 'http://xxx/tracking.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".).

Posted on 2014-10-06
5
446 Views
Last Modified: 2014-10-11
Hi;

I am trying to add a JS to a site content in which I have limited accessibility. The JS is for tracking and it resides in another machine and I end up with this

error, load the script 'http://xxx/tracking.js'; because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".).

Any workaround for CSP directive?

Regards.
0
Comment
Question by:jazzIIIlove
  • 2
  • 2
5 Comments
 
LVL 33

Expert Comment

by:ste5an
ID: 40363411
I don't think so. What is the exact violation? The use of eval()?

I would contact the site admin..
0
 
LVL 55

Expert Comment

by:Julian Hansen
ID: 40363474
And if you use https?
0
 
LVL 12

Accepted Solution

by:
jazzIIIlove earned 0 total points
ID: 40363838
In Tomcat, when I go to Java tab, and add -Dcontent-security-policy-header=script-src 'self' 'unsafe-inline' 'unsafe-eval', it solved the case.
0
 
LVL 33

Expert Comment

by:ste5an
ID: 40364090
Sorry, but this means full access, not "limited accessibility" as you wrote in your op.

Caveat: eval() is blocked for good reasons.
0
 
LVL 12

Author Closing Comment

by:jazzIIIlove
ID: 40374620
As given in the last comment of mine
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Insert Button on a table 16 38
Html value of radio 14 31
Can anyone see what is the fault in my javascript code? 8 33
Disable TLS1.0 on Win 2012 server 7 30
February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter (https://twitter.com/taviso/status/834900838837411840) that massive stores of data have been leaked by CloudFlare, a company that provide…
It’s the first day of March, the weather is starting to warm up and the excitement of the upcoming St. Patrick’s Day holiday can be felt throughout the world.
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question