I can't display CSS style in Chrome or Firefox; instead I get this error:
Refused to apply inline style because it violates the following Content Security Policy directive: “default-src ‘self’”. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-Px7/U7FvVB0gdAHejj6zZ5qhvm1sCBXmO7rJkx3iyhE=’), or a nonce (‘nonce-…’) is required to enable inline execution. Note also that ‘style-src’ was not explicitly set, so ‘default-src’ is used as a fallback.
Find “Security headers filter configuration” and replace headers with this:
headers {
  # The X-Frame-Options header. If null, the header is not set.
  frameOptions = null
  # The X-XSS-Protection header. If null, the header is not set.
  xssProtection = null
  # The X-Content-Type-Options header. If null, the header is not set.
  contentTypeOptions = null
  # The X-Permitted-Cross-Domain-Policies header. If null, the header is not set.
  permittedCrossDomainPolicies = null
  # The Content-Security-Policy header. If null, the header is not set.
  contentSecurityPolicy = null
}
Find “Disabled filters remove elements from the enabled list.” and replace it with this:
Just keep in mind that Play is trying to be helpful here. If you have a web app it’s a good idea to set these headers to reasonable values to prevent XSS.
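Rather than removing the Content-Security-Policy header, the policy can keep `default-src 'self'` and allow only the known inline styles by hash, which is the option the browser error itself offers. The following is an added example, not part of the original post: the function names and the sample CSS are constructed for illustration, and it assumes the inline styles live in `<style>` elements (hashes are matched against the exact text between the tags).

```python
import base64
import hashlib


def csp_hash(inline_css: str) -> str:
    """Return the CSP source expression for the exact text of one <style> block.

    The browser hashes the bytes between <style> and </style> as-is, so any
    whitespace or formatting change in the template produces a different hash.
    """
    digest = hashlib.sha256(inline_css.encode("utf-8")).digest()
    return "'sha256-" + base64.b64encode(digest).decode("ascii") + "'"


def play_csp_setting(style_blocks, base="default-src 'self'"):
    """Build the contentSecurityPolicy line for the headers block.

    style-src is set explicitly, so it no longer falls back to default-src;
    'self' keeps same-origin stylesheets working next to the hashed blocks.
    """
    sources = ["'self'"]
    for css in style_blocks:
        expr = csp_hash(css)
        if expr not in sources:  # identical blocks need only one entry
            sources.append(expr)
    policy = base + "; style-src " + " ".join(sources)
    # Single quotes inside a double-quoted HOCON string need no escaping.
    return 'contentSecurityPolicy = "' + policy + '"'


# Constructed sample: contents of two <style> blocks from a hypothetical template.
SAMPLE_STYLES = [
    "body { margin: 0; }",
    "\n  .hidden { display: none; }\n",
]

if __name__ == "__main__":
    # Paste the printed line into the headers { ... } block in place of
    # contentSecurityPolicy = null.
    print(play_csp_setting(SAMPLE_STYLES))
```

The hashes have to be regenerated whenever the inline CSS changes, otherwise the browser reports the same "Refused to apply inline style" error again.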