Solved

bypassing the CSP error, load the script 'http://xxx/tracking.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".).

Posted on 2014-10-06
5
459 Views
Last Modified: 2014-10-11
Hi;

I am trying to add a JS to a site content in which I have limited accessibility. The JS is for tracking and it resides in another machine and I end up with this

error, load the script 'http://xxx/tracking.js'; because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".).

Any workaround for CSP directive?

Regards.
0
Comment
Question by:jazzIIIlove
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 34

Expert Comment

by:ste5an
ID: 40363411
I don't think so. What is the exact violation? The use of eval()?

I would contact the site admin..
0
 
LVL 57

Expert Comment

by:Julian Hansen
ID: 40363474
And if you use https?
0
 
LVL 12

Accepted Solution

by:
jazzIIIlove earned 0 total points
ID: 40363838
In Tomcat, when I go to Java tab, and add -Dcontent-security-policy-header=script-src 'self' 'unsafe-inline' 'unsafe-eval', it solved the case.
0
 
LVL 34

Expert Comment

by:ste5an
ID: 40364090
Sorry, but this means full access, not "limited accessibility" as you wrote in your op.

Caveat: eval() is blocked for good reasons.
0
 
LVL 12

Author Closing Comment

by:jazzIIIlove
ID: 40374620
As given in the last comment of mine
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
A hard and fast method for reducing Active Directory Administrators members.
The viewer will learn how to count occurrences of each item in an array.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question