A Chrome CSP Bug

ricky_tan · October 27, 2018, 1:51pm

I’m a user from China, and I can’t login recently, the chrome console prompt follows:

Refused to load the script 'https://www.gstatic.cn/recaptcha/api2/v1540189908068/recaptcha__zh_cn.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' https://bam.nr-data.net https://cdn.heapanalytics.com https://www.google-analytics.com https://js-agent.newrelic.com https://fullstory.com https://*.zopim.com https://Cloudflare.zendesk.com https://www.gstatic.com https://www.recaptcha.net https://captcha.su.baidu.com https://www.google.com https://*.braintreegateway.com https://www.paypalobjects.com https://ajax.googleapis.com".

I try to install a extension to disable CSP to login and post this, and it’s not a long term solution, please fix this

sandro · October 27, 2018, 2:02pm

Could that be related to China cannot display the CAPTCHA of the cloudflare login page?

ricky_tan · October 27, 2018, 2:28pm

Not really, I can access google and also download the js file in a new tab. This problem is due to wrong server configuration

sandro · October 27, 2018, 3:06pm

You can download it but it does not execute. What is your actual issue? The captcha not working?! Its not clear what the issue in the linked thread is, so it could be related.

ricky_tan · October 28, 2018, 2:16am

In fact, the domain gstatic.cn is not in the list

system · November 10, 2018, 1:51pm

This topic was automatically closed after 14 days. New replies are no longer allowed.