W3C says there is a new attribute in HTML5.1 called nonce for style and script that can be used by the Content Security Policy of a website. I googled about it but finally didn’t get it what actually this attribute does and what changes when using it? 1 Answer 1
I’m getting a bunch of errors in the developer console: Refused to evaluate a string Refused to execute inline script because it violates the following Content Security Policy directive Refused to load the script Refused to load the stylesheet What’s this all about? How does Content Security Policy (CSP) work? How do I use the … Read more
In this simple example, I’m trying to set a CSP header with the meta http-equiv header. I included a base64 image and I’m trying to make Chrome load the image. I thought the data keyword should do that, but somehow it’s not working. I just get the following error in Developer Tools: Refused to load … Read more
