On 9/17/2020 4:17 PM, Jim Albert wrote:
On 9/17/2020 3:27 PM, Jason Long wrote:
Hello,
When I added "Header set Content-Security-Policy "default-src
'self';"" to "httpd.conf" then my website style and some graphical
features are disable.
Why?
Thank you.
Use your browser's developer tools (usually F12) to view your console
errors and warnings. The console will tell you what content your CSP
might be blocking.
Until you have your CSP set properly you can use a report only CSP
header to report what's getting blocked without actually blocking it.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
Sorry.. I should have phrased the above as:
"Until you have your CSP set properly you can use a report only CSP
header to report what's in violation of your CSP without actually
blocking it."
Jim
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
