A Chrome CSP Bug


#1

I’m a user from China, and I can’t login recently, the chrome console prompt follows:

Refused to load the script 'https://www.gstatic.cn/recaptcha/api2/v1540189908068/recaptcha__zh_cn.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' https://bam.nr-data.net https://cdn.heapanalytics.com https://www.google-analytics.com https://js-agent.newrelic.com https://fullstory.com https://*.zopim.com https://cloudflare.zendesk.com https://www.gstatic.com https://www.recaptcha.net https://captcha.su.baidu.com https://www.google.com https://*.braintreegateway.com https://www.paypalobjects.com https://ajax.googleapis.com".

I try to install a extension to disable CSP to login and post this, and it’s not a long term solution, please fix this


#2

Could that be related to China cannot display the CAPTCHA of the cloudflare login page?


#5

Not really, I can access google and also download the js file in a new tab. This problem is due to wrong server configuration


#6

You can download it but it does not execute. What is your actual issue? The captcha not working?! Its not clear what the issue in the linked thread is, so it could be related.


#7

In fact, the domain gstatic.cn is not in the list


#8

This topic was automatically closed after 14 days. New replies are no longer allowed.