Hi,
I cant display CSS style in chrome or firefox instead I get this error:
Refused to apply inline style because it violates the following Content Security Policy directive: “default-src ‘self’”. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-Px7/U7FvVB0gdAHejj6zZ5qhvm1sCBXmO7rJkx3iyhE=’), or a nonce (‘nonce-…’) is required to enable inline execution. Note also that ‘style-src’ was not explicitly set, so ‘default-src’ is used as a fallback.
Can someone help me with this?
Thanks
Set your content security policy to null.
https://www.playframework.com/documentation/2.6.x/SecurityHeaders
More here
https://nvisium.com/resources/blog/2017/10/04/play-2-6-security-analysis.html
Thanks, I solved my problem and here is how
Open application.conf
Find “Security headers filter configuration” and replace headers with this:
headers {
# The X-Frame-Options header. If null, the header is not set.
#frameOptions = null
# The X-XSS-Protection header. If null, the header is not set.
#xssProtection = null
# The X-Content-Type-Options header. If null, the header is not set.
#contentTypeOptions = null
# The X-Permitted-Cross-Domain-Policies header. If null, the header is not set.
#permittedCrossDomainPolicies = null
# The Content-Security-Policy header. If null, the header is not set.
#contentSecurityPolicy = null
}
disabled += “play.filters.headers.SecurityHeadersFilter”
If you really want to disable the filter, you shouldn’t need anything more than:
play.filters.disabled += "play.filters.headers.SecurityHeadersFilter"
Just keep in mind that Play is trying to be helpful here. If you have a web app it’s a good idea to set these headers to reasonable values to prevent XSS.
You have the section behind comments, so that doesn’t do anything.
You also don’t need to disable the filter. You only need to set
contentSecurityPolicy = null
and that should take care of it.