Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSP error #4584

Closed
shijinkui opened this issue May 23, 2018 · 2 comments
Closed

CSP error #4584

shijinkui opened this issue May 23, 2018 · 2 comments
Labels
locked-by: lock-bot

Comments

@shijinkui
Copy link

https://developers.google.com/web/fundamentals/security/csp/

console error:

Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-LoRoO6OMviGCfhXJUj63yDGHIZK/0AuCGp66OwoMNwQ='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

api:36 Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-ezdv1bOGcoOD7FKudKN0Y2Mb763O6qVtM8LT2mtanIU='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

api:73 Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-vq1jvjjL8Pg4WYDXzOZUl+4fHrT8Vn+zP+xZhniWjsM='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

Q&A (please complete the following information)

  • OS: [e.g. macOS]
  • Browser: [e.g. chrome, safari]
  • Version: [e.g. 22]
  • Method of installation: [e.g. npm, dist assets]
  • Swagger-UI version: [e.g. 3.10.0]
  • Swagger/OpenAPI version: [e.g. Swagger 2.0, OpenAPI 3.0]

Content & configuration

Example Swagger/OpenAPI definition:

# your YAML here

Swagger-UI configuration options:

SwaggerUI({
  // your config options here
})
?yourQueryStringConfig

Describe the bug you're encountering

To reproduce...

Steps to reproduce the behavior:

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

Expected behavior

Screenshots

Additional context or thoughts
@shockey
Copy link
Contributor

shockey commented May 23, 2018

Thanks @shijinkui, we're already tracking this in #3370 😄

@shockey shockey closed this as completed May 23, 2018
@lock
Copy link

lock bot commented Jul 1, 2019

Locking due to inactivity.
This is done to avoid resurrecting old issues and bumping long threads with new, possibly unrelated content.
If you think you're experiencing something similar to what you've found here: please open a new issue, follow the template, and reference this issue in your report.
Thanks!

@lock lock bot locked and limited conversation to collaborators Jul 1, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
locked-by: lock-bot
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@shijinkui @shockey