1
vote
Accepted
Firefox Security Error: Content at http://localhost:xxxx/ may not load data from blob:http://localhost:xxxx/... when assigning blob url of MediaSource
Very weird bug where it seems they don't hold the link between the MediaSource and the blob: URL when this latter isn't consumed in the same task it was created. Here is an actual minimal example:
...
1
vote
Failed to download and view the file from the local path (ERR_BLOCKED_BY_CLIENT)
Looks like an old issue for Chromium. Though they delivered a fix later, the problem has recently reappeared somehow.
Some workarounds you can try now:
Drop the sandbox CSP attribute for PDFs.
Open ...
1
vote
Adding Server Headers to Vite React Project isn't working
How you enable the server.https?
Try import basicSsl from '@vitejs/plugin-basic-ssl' and add basicSsl() in plugins
If you have your own certificate, you should add the server options in server.https ...
1
vote
Testing Content Security Policy report-to in localhost
I was able to test CSP locally in Chrome (v126) by using a public domain that resolves to 127.0.0.1. See for example https://gist.github.com/tinogomes/c425aa2a56d289f16a1f4fcb8a65ea65#i-have-no-...
1
vote
It is possible to see nonce value using cURL?
yes it is possible with -v or --verbose and it is not the only option look here How to display request headers with command line curl
Only top scored, non community-wiki answers of a minimum length are eligible
Related Tags
content-security-policy × 2875javascript × 803
html × 322
security × 250
google-chrome-extension × 227
google-chrome × 188
iframe × 174
reactjs × 172
node.js × 141
http-headers × 136
angular × 133
express × 99
css × 98
cordova × 93
nonce × 87
firefox × 86
jquery × 83
php × 78
nginx × 65
xss × 65
http × 64
asp.net × 57
apache × 53
.htaccess × 48
vue.js × 47