Content Security Policy self blocking inline


In my experience, the header below, when enabled, blocks inline script on the page.

Content-Security-Policy: default-src 'self'

Why is inline code not considered "self"?

I know I can use a nonce or other workarounds to allow inline, or move to external files. I'm just interested to know why inline code isn't considered self.

Hope that makes sense.


There is 1 answer

livesamarthgupta On BEST ANSWER

By default, inline code is disabled, not just because of default-src 'self'. To enable inline code one has to use 'unsafe-inline' in script-src.