Solved

bypassing the CSP error, load the script 'http://xxx/tracking.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".).

Posted on 2014-10-06
5
434 Views
Last Modified: 2014-10-11
Hi;

I am trying to add a JS to a site content in which I have limited accessibility. The JS is for tracking and it resides in another machine and I end up with this

error, load the script 'http://xxx/tracking.js'; because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".).

Any workaround for CSP directive?

Regards.
0
Comment
Question by:jazzIIIlove
  • 2
  • 2
5 Comments
 
LVL 33

Expert Comment

by:ste5an
ID: 40363411
I don't think so. What is the exact violation? The use of eval()?

I would contact the site admin..
0
 
LVL 52

Expert Comment

by:Julian Hansen
ID: 40363474
And if you use https?
0
 
LVL 12

Accepted Solution

by:
jazzIIIlove earned 0 total points
ID: 40363838
In Tomcat, when I go to Java tab, and add -Dcontent-security-policy-header=script-src 'self' 'unsafe-inline' 'unsafe-eval', it solved the case.
0
 
LVL 33

Expert Comment

by:ste5an
ID: 40364090
Sorry, but this means full access, not "limited accessibility" as you wrote in your op.

Caveat: eval() is blocked for good reasons.
0
 
LVL 12

Author Closing Comment

by:jazzIIIlove
ID: 40374620
As given in the last comment of mine
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates how to create a simple responsive confirmation dialog with Ok and Cancel buttons using HTML, CSS, jQuery and Promises
Boost your ability to deliver ambitious and competitive web apps by choosing the right JavaScript framework to best suit your project’s needs.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now