Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • chaitanya 4 posts 74 karma points
    Jul 10, 2022 @ 19:00
    chaitanya
    0

    blob

    The Content-Security-Policy directive name 'Content-Security-Policy:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.

    I am getting this error.

    I have mentioned directive like this below.

    <add name="Content-Security-Policy" value="default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *;"/>
    
  • Lindow 154 posts 1301 karma points
    Jul 10, 2022 @ 19:16
    Lindow
    0

    Hi there

    Try this tool https://csp-evaluator.withgoogle.com/

  • Huw Reddick 1929 posts 6717 karma points MVP 2x c-trib
    Jul 10, 2022 @ 20:39
    Huw Reddick
    0

    The CSP is a http header or html meta tag, it doesn't go in your web config settings

  • Lindow 154 posts 1301 karma points
    Jul 10, 2022 @ 20:43
    Lindow
    0

    Yes, it does, Huw.

    In v8 you can add it to your web.config under the <customHeaders> tag.

  • Huw Reddick 1929 posts 6717 karma points MVP 2x c-trib
    Jul 11, 2022 @ 06:17
    Huw Reddick
    100

    My bad, I misread an thought they were adding to app settings.

    The issue is most likely the colon : after blob.

    It's not really an umbraco issue.

  • Lindow 154 posts 1301 karma points
    Jul 11, 2022 @ 07:42
    Lindow
    0

    Yeah, I thought about that colon too :)

Please Sign in or register to post replies

Write your reply to:

Draft