Webserver issues regarding CSP and scripts like rocketloader not working

Answer these questions to help the Community help you with Security questions.

What is the domain name?

Have you searched for an answer?
Yes, on StackOverFlow and Google

When you tested your domain using the Cloudflare Diagnostic Center, what were the results?
Link Does Not Work

Describe the issue you are having:

Chrome Console Shows its refusing to load a script…

What error message or number are you receiving?
“Refused to execute inline script because it violates the following Content Security Policy directive: “script-src-elem ‘self’ https://.searchforjohn.com https://ajax.cloudflare.com https://.cloudflareinsights.com”. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-l29o1OSaSb4/gFBFicxpq7XMgOOFlNPtRYR8IzI/tes=’), or a nonce (‘nonce-…’) is required to enable inline execution.”

What steps have you taken to resolve the issue?

  1. change CSP to include Cloudflare’s domains
  2. Restart server & webpage
  3. google the issue

Was the site working with SSL prior to adding it to Cloudflare?
it has not been without Cloudflare.

What are the steps to reproduce the error:

  1. unknown

Have you tried from another browser and/or incognito mode?

Please attach a screenshot of the error:

It looks like you have a feature enabled that adds inline script to the page. This could be for Bots, Scrape Shield, Apps, etc.

Unfortunately, for this to work, you will need to include 'unsafe-inline' in the script-src directive for your CSP. Or if its supported by the product (some do, see their documentation for more info like this), you could use nonces.

thanks a million for the quick response! that seemed to fix it! i appreciate it!

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.