A Chrome CSP Bug

ricky_tan · 2018-10-27 13:51:01 UTC

I’m a user from China, and I can’t login recently, the chrome console prompt follows:

Refused to load the script 'https://www.gstatic.cn/recaptcha/api2/v1540189908068/recaptcha__zh_cn.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' https://bam.nr-data.net https://cdn.heapanalytics.com https://www.google-analytics.com https://js-agent.newrelic.com https://fullstory.com https://*.zopim.com https://cloudflare.zendesk.com https://www.gstatic.com https://www.recaptcha.net https://captcha.su.baidu.com https://www.google.com https://*.braintreegateway.com https://www.paypalobjects.com https://ajax.googleapis.com".

I try to install a extension to disable CSP to login and post this, and it’s not a long term solution, please fix this

sandro · 2018-10-27 14:02:27 UTC

Could that be related to China cannot display the CAPTCHA of the cloudflare login page?

ricky_tan · 2018-10-27 14:28:34 UTC

Not really, I can access google and also download the js file in a new tab. This problem is due to wrong server configuration

sandro · 2018-10-27 15:06:05 UTC

You can download it but it does not execute. What is your actual issue? The captcha not working?! Its not clear what the issue in the linked thread is, so it could be related.

ricky_tan · 2018-10-28 02:16:39 UTC

In fact, the domain gstatic.cn is not in the list

system · 2018-11-10 13:51:01 UTC

This topic was automatically closed after 14 days. New replies are no longer allowed.