Hi @Li Shi Quan (NCS) ,
After the content security policy is enabled. Browsers examine the sources of pages and determine whether they meet the requirements of the content safety directive. When a resource does not comply with policy directives, the browser does not load the resource.
For example, consider a policy that does not allow third-party scripting. When a page <scr ipt> contains markup with a third-party source in the src attribute, the browser prevents the script from loading.
You can try the following:
- Move all inline code and styles to a separate file and reference it.
- Try adding a config entry as below:
<system.webServer> <httpProtocol> <customHeaders> <add name="Content-Security-Policy" value="default-src 'self';" /> </customHeaders> </httpProtocol> </system.webServer>
The default-src directive defines the default policy for fetching resources such as JavaScript, Images, CSS, Fonts, AJAX requests, Frames, HTML5 Media. Not all directives fallback to default-src. See the Source List Reference for possible values. https://content-security-policy.com/#source_list
More details can be found here:https://content-security-policy.com
Best regards,
Lan Huang
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.