  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 502

bypassing the CSP error, load the script 'http://xxx/tracking.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".).

Hi;

I am trying to add a JS to a site content in which I have limited accessibility. The JS is for tracking and it resides in another machine and I end up with this

error, load the script 'http://xxx/tracking.js'; because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".).

Any workaround for CSP directive?

Regards.
0
jazzIIIlove
1 Solution
 
ste5an (Senior Developer) Commented:
I don't think so. What is the exact violation? The use of eval()?

I would contact the site admin.
0
 
Julian Hansen Commented:
And if you use https?
0
 
jazzIIIlove (Author) Commented:
In Tomcat, when I go to Java tab, and add -Dcontent-security-policy-header=script-src 'self' 'unsafe-inline' 'unsafe-eval', it solved the case.
0
 
ste5an (Senior Developer) Commented:
Sorry, but this means full access, not "limited accessibility" as you wrote in your op.

Caveat: eval() is blocked for good reasons.
0
 
jazzIIIlove (Author) Commented:
As given in the last comment of mine
0
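
Added example, not part of the thread or any poster's code: a simplified model of how a `script-src` source list is matched against a script URL. It shows why the policy in the error message rejects the external tracking script and what the narrowest host-level allowlist entry looks like. The page URL `http://site.example/index.html` and all function names are assumptions; `http://xxx/tracking.js` is the placeholder from the question.

```javascript
// Simplified model of CSP script-src matching: exact scheme, host and port.
// Not modelled: wildcards, paths, nonces/hashes, default-src fallback, and
// the browser rule that lets an http: source also match its https: upgrade.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

function originOf(url) {
  const u = new URL(url);
  return { scheme: u.protocol, host: u.hostname, port: u.port || DEFAULT_PORTS[u.protocol] };
}

function sameOrigin(a, b) {
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// Return the script-src source list, or null if the directive is absent.
function scriptSources(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'script-src') return sources;
  }
  return null;
}

function isScriptAllowed(policy, pageUrl, scriptUrl) {
  const sources = scriptSources(policy);
  if (sources === null) return true; // nothing restricts scripts in this model
  const script = originOf(scriptUrl);
  return sources.some((src) => {
    if (src === "'self'") return sameOrigin(originOf(pageUrl), script);
    if (src.startsWith("'")) return false; // keyword sources never match a URL
    try { return sameOrigin(originOf(src), script); } catch { return false; }
  });
}

// Append only the script's origin to script-src (narrowest host-level change).
function allowOrigin(policy, scriptUrl) {
  const origin = new URL(scriptUrl).origin;
  return policy.split(';').map((d) => d.trim()).map((d) =>
    d.split(/\s+/)[0].toLowerCase() === 'script-src' ? `${d} ${origin}` : d
  ).join('; ');
}

const POLICY = "script-src 'self' 'unsafe-inline'"; // from the error message
const PAGE = 'http://site.example/index.html';       // constructed page URL
const TRACKER = 'http://xxx/tracking.js';            // placeholder host from the post
```

Keyword sources such as `'unsafe-inline'` and `'unsafe-eval'` govern inline code and `eval()`; in this model, as in the CSP source-matching rules, they never match a script URL.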
