[Community Edition] Inline script security error from google analytics script #326
Comments
kfarr
changed the title
kfarr
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This error shows on console on a CE vanilla deployment:
3dstreet.club/:54 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'sha256-vARSGAaZnRYvehlmZaZDRM9BKcw75XaQ3CfjZqo+6nM=' 'self' blob: 'sha256-/S6PM16MxkmUT7zJN2lkEKFgvXR7yL4Z8PCrRrFu4Q8=' 'sha256-MIpWPgYj31kCgSUFc0UwHGQrV87W6N5ozotqfxxQG0w=' 'sha256-ViVvpb0oYlPAp7R8ZLxlNI6rsf7E7oz8l1SgCIXgMvM=' 'sha256-buF6N8Z4p2PuaaeRUjm7mxBpPNf4XlCT9Fep83YabbM=' 'sha256-foB3G7vO68Ot8wctsG3OKBQ84ADKVinlnTg9/s93Ycs=' 'sha256-g0j42v3Wo/ohUAMR/t0EuObDSEkx1rZ3lv45fUaNmYs=' 'sha256-hsbRcgUBASABDq7qVGVTpbnWq/ns7B+ToTctZFJXYi8=' 'unsafe-eval' https://aframe.io https://cdn.jsdelivr.net/docsearch.js/1/docsearch.min.js https://s.ytimg.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.youtube.com https://assets.3dstreet.club https://3dstreet.club". Either the 'unsafe-inline' keyword, a hash ('sha256-HdoAyVHHhir7+8DfZLbxtfYc9gLaWgaL6GwPs6mic0k='), or a nonce ('nonce-...') is required to enable inline execution.The inline scripts are in the html files such as:
https://github.com/mozilla/hubs/blob/master/src/index.html#L23
and
https://github.com/mozilla/hubs/blob/master/src/hub.html#L22
A few possible solutions:
The text was updated successfully, but these errors were encountered: