javascriptaxioscontent-security-policyscript-src

Refused to load the script : Content-Security-Policy


Refused to load the script 'https://cdnjs.cloudflare.com/ajax/libs/axios/0.18.0/axios.min.js' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

script(src='https://cdnjs.cloudflare.com/ajax/libs/axios/0.18.0/axios.min.js')

so i tried adding this meta header though it throws the same error

meta(http-equiv='Content-Security-Policy' content="script-src 'self' https://cdnjs.cloudflare.com/ 'unsafe-inline' 'unsafe-eval'")

Solution

  • if you are using helmet in node then this worked for me

    app.use( helmet({ contentSecurityPolicy: false }) );