Aimee Katherine
asked on
Content Security Policy works as expected on desktop but not on mobile
Hi,
Having a content security policy on one's website is a good way to provide an extra layer of security on one's site.
I have a content security policy that works as expected on desktop, but it breaks the site on mobile (safari). The content security policy is inside meta tags. I am using nonces and hashes. On mobile I get the error stating that it refused to execute inline script because it violates the Content Security Policy directive which includes the hashes and nonces. The error also states that I need either a hash or nonce in the code to execute the code, but they are already present there, and that's how it works well on desktop. The problem is that on mobile it's acting as if the hashes and nonces didn't exist. Any tips are appreciated.
Having a content security policy on one's website is a good way to provide an extra layer of security on one's site.
I have a content security policy that works as expected on desktop, but it breaks the site on mobile (safari). The content security policy is inside meta tags. I am using nonces and hashes. On mobile I get the error stating that it refused to execute inline script because it violates the Content Security Policy directive which includes the hashes and nonces. The error also states that I need either a hash or nonce in the code to execute the code, but they are already present there, and that's how it works well on desktop. The problem is that on mobile it's acting as if the hashes and nonces didn't exist. Any tips are appreciated.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP