
Bypassing the CSP error, load the script 'http://xxx/tracking.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".

Hi;

I am trying to add a JS to site content in which I have limited accessibility. The JS is for tracking and it resides on another machine, and I end up with this

error, load the script 'http://xxx/tracking.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".

Any workaround for CSP directive?

Regards.
jazzIIIlove
 
ste5an (Senior Developer) commented:
I don't think so. What is the exact violation? The use of eval()?

I would contact the site admin.

Julian Hansen commented:
And if you use https?

jazzIIIlove (Author) commented:
In Tomcat, when I go to the Java tab and add -Dcontent-security-policy-header=script-src 'self' 'unsafe-inline' 'unsafe-eval', it solved the case.

ste5an (Senior Developer) commented:
Sorry, but this means full access, not "limited accessibility" as you wrote in your op.

Caveat: eval() is blocked for good reasons.

jazzIIIlove (Author) commented:
As given in the last comment of mine
Question has a verified solution.
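
Added example, not part of the thread or of any poster's code: a simplified model of how a browser matches a script URL against script-src. It shows that keyword sources such as 'unsafe-inline' and 'unsafe-eval' govern inline code and eval(), not which hosts scripts may load from, so the narrow change for an off-site tracker is to list that one host. The page URL and the tracker.example host are constructed placeholders standing in for the elided 'xxx' host.

```javascript
// Added example: simplified CSP script-src URL matching (paths and script-src-elem ignored).
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive name is ignored; the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

function sourceMatches(expr, url, page) {
  const e = expr.toLowerCase();
  if (e === "'self'") return url.origin === page.origin;
  if (e.startsWith("'")) return false; // keywords, nonces and hashes never match a URL
  if (e === '*') return /^https?:$/.test(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(e)) return url.protocol === e; // scheme-source, e.g. https:
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)(?::(\d+|\*))?(?:\/.*)?$/.exec(e);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  const wantScheme = scheme ? scheme + ':' : page.protocol;
  // An http source also matches the https upgrade of the same host.
  const schemeOk = url.protocol === wantScheme || (wantScheme === 'http:' && url.protocol === 'https:');
  const hostOk = wildcard ? url.hostname.endsWith('.' + host) : url.hostname === host;
  const effectivePort = url.port || (url.protocol === 'https:' ? '443' : '80');
  const portOk = port === '*' || (port ? port === effectivePort : url.port === '');
  return schemeOk && hostOk && portOk;
}

function scriptAllowed(header, scriptUrl, pageUrl) {
  const policy = parsePolicy(header);
  const sources = policy.get('script-src') ?? policy.get('default-src');
  if (!sources) return true; // no governing directive: script loads are unrestricted
  const page = new URL(pageUrl);
  return sources.some((s) => sourceMatches(s, new URL(scriptUrl, pageUrl), page));
}

const PAGE = 'http://site.example/index.html';        // constructed page URL
const TRACKER = 'http://tracker.example/tracking.js'; // constructed stand-in for the elided host
const POLICIES = {
  original: "script-src 'self' 'unsafe-inline'",
  withEval: "script-src 'self' 'unsafe-inline' 'unsafe-eval'",
  hostListed: "script-src 'self' 'unsafe-inline' http://tracker.example",
};
function report() {
  return Object.fromEntries(Object.entries(POLICIES).map(([k, p]) => [k, scriptAllowed(p, TRACKER, PAGE)]));
}
console.log(report());
```

Listing the single tracker host keeps eval() blocked while permitting the one external script.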
