Rubin Shrestha
Zend certified PHP/Magento developer
Rubin Shrestha
Blog

Having issue with Content Security Policy in my frontend pages

by |Published

I am facing the issue in the console With Content Security Policy ,I cant disable the Module Magento_Csp ,Please suggest the solution based on my efollowing console error

[Report Only] Refused to load the stylesheet 'https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css' because it violates the following Content Security Policy directive: "style-src https://fonts.googleapis.com 'self' 'unsafe-inline'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.

/checkout/cart/:422 Error: <svg> attribute width: Expected length, "width=".
/checkout/cart/:422 Error: <svg> attribute height: Unexpected end of attribute. Expected length, "".
sandbox.sapphirerings.org/:1 [Report Only] Refused to load the font 'https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0' because it violates the following Content Security Policy directive: "font-src https://www.gstatic.com https://fonts.gstatic.com

*.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: ‘self’ ‘unsafe-inline'”.

sandbox.sapphirerings.org/:1 [Report Only] Refused to load the font 'https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff?v=4.7.0' because it violates the following Content Security Policy directive: "font-src https://www.gstatic.com https://fonts.gstatic.com

*.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: ‘self’ ‘unsafe-inline'”.

sandbox.sapphirerings.org/:1 [Report Only] Refused to load the font 'https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.ttf?v=4.7.0' because it violates the following Content Security Policy directive: "font-src https://www.gstatic.com https://fonts.gstatic.com

*.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: ‘self’ ‘unsafe-inline'”.

sandbox.sapphirerings.org/:1841     GET https://sandbox.sapphirerings.org/media/.renditions/wysiwyg/sapphire-rings/jbt.png 403 (Forbidden)
sandbox.sapphirerings.org/:1841     GET https://sandbox.sapphirerings.org/media/.renditions/wysiwyg/sapphire-rings/gialogo.png 403 (Forbidden)
5[Report Only] Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src <URL> <URL> googleads.g.doubleclick.net analytics.google.com <URL> geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com <URL> <URL> <URL> t.paypal.com s.ytimg.com <URL> vimeo.com <URL> *.vimeocdn.com

*.youtube.com *.affirm.com *.affirm.ca player.vimeo.com *.authorize.net sandbox-assets.secure.checkout.visa.com *.stripe.com klarna.com
*.klarna.com *.klarnacdn.net *.klarnaevt.com maps.googleapis.com ‘self’ ‘unsafe-inline’ ‘unsafe-eval'”. Note that ‘script-src-elem’ was not explicitly set, so ‘script-src’ is used as a fallback.

js?id=UA-122727495-1:355 [Violation] 'setTimeout' handler took 109ms
VM10928 counter.js:1 [Report Only] Refused to connect to 'https://c.statcounter.com/t.php?sc_project=8342565&u1=DBCCF92A25D74F0A557A9D9CF1FF78EA&java=1&security=51170b04&sc_snum=1&sess=de22c1&p=0&pv=6&rcat=d&rdomo=d&rdomg=34&jg=34&rr=18.14.14.10.9.7.4.4.1&resolution=1920&h=1200&camefrom=https%3A//sandbox.sapphirerings.org/natural-pear-cut-sapphire-2-40-ct-gia-certified-24023&u=https%3A//sandbox.sapphirerings.org/checkout/cart/&t=Shopping%20Cart&invisible=1&sc_rum_e_s=7050&sc_rum_e_e=7246&sc_rum_f_s=0&sc_rum_f_e=2471' because it violates the following Content Security Policy directive: "connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com *.authorize.net *.stripe.com klarna.com

*.klarna.com *.klarnacdn.net *.klarnaevt.com ‘self’ ‘unsafe-inline'”.

(anonymous) @ VM10928 counter.js:1
lt @ VM10928 counter.js:1
ie @ VM10928 counter.js:1
(anonymous) @ VM10928 counter.js:1
setTimeout (async)
s.record_pageview @ VM10928 counter.js:1
(anonymous) @ VM10928 counter.js:1
VM10928 counter.js:1 [Report Only] Refused to connect to 'https://c.statcounter.com/t.php?sc_project=8342565&u1=DBCCF92A25D74F0A557A9D9CF1FF78EA&java=1&security=51170b04&sc_snum=1&sess=de22c1&p=0&pv=6&rcat=d&rdomo=d&rdomg=34&jg=34&rr=18.14.14.10.9.7.4.4.1&resolution=1920&h=1200&camefrom=https%3A//sandbox.sapphirerings.org/natural-pear-cut-sapphire-2-40-ct-gia-certified-24023&u=https%3A//sandbox.sapphirerings.org/checkout/cart/&t=Shopping%20Cart&invisible=1&sc_rum_e_s=7050&sc_rum_e_e=7246&sc_rum_f_s=0&sc_rum_f_e=2471' because it violates the following Content Security Policy directive: "connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com *.authorize.net *.stripe.com klarna.com

*.klarna.com *.klarnacdn.net *.klarnaevt.com ‘self’ ‘unsafe-inline'”.

(anonymous) @ VM10928 counter.js:1
lt @ VM10928 counter.js:1
ie @ VM10928 counter.js:1
(anonymous) @ VM10928 counter.js:1
setTimeout (async)
s.record_pageview @ VM10928 counter.js:1
(anonymous) @ VM10928 counter.js:1
counter.js:1 [Violation] 'setTimeout' handler took 53ms
counter.js:1 [Report Only] Refused to connect to 'https://c.statcounter.com/t.php?sc_project=8342565&u1=DBCCF92A25D74F0A557A9D9CF1FF78EA&java=1&security=51170b04&sc_snum=2&sess=de22c1&p=0&pv=6&rcat=d&rdomo=d&rdomg=0&jg=0&rr=18.14.14.10.9.7.4.4.1&resolution=1920&h=1200&camefrom=https%3A//sandbox.sapphirerings.org/natural-pear-cut-sapphire-2-40-ct-gia-certified-24023&u=https%3A//mydomain/checkout/cart/&t=Shopping%20Cart&invisible=1&sc_rum_e_s=7257&sc_rum_e_e=7325&sc_rum_f_s=0&sc_rum_f_e=2471' because it violates the following Content Security Policy directive: "connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com *.authorize.net *.stripe.com klarna.com

*.klarna.com *.klarnacdn.net *.klarnaevt.com ‘self’ ‘unsafe-inline'”.

(anonymous) @ counter.js:1
lt @ counter.js:1
ie @ counter.js:1
(anonymous) @ counter.js:1
setTimeout (async)
s.record_pageview @ counter.js:1
(anonymous) @ counter.js:1
counter.js:1 [Report Only] Refused to connect to 'https://c.statcounter.com/t.php?sc_project=8342565&u1=DBCCF92A25D74F0A557A9D9CF1FF78EA&java=1&security=51170b04&sc_snum=2&sess=de22c1&p=0&pv=6&rcat=d&rdomo=d&rdomg=0&jg=0&rr=18.14.14.10.9.7.4.4.1&resolution=1920&h=1200&camefrom=https%3A//sandbox.sapphirerings.org/natural-pear-cut-sapphire-2-40-ct-gia-certified-24023&u=https%3A//sandbox.sapphirerings.org/checkout/cart/&t=Shopping%20Cart&invisible=1&sc_rum_e_s=7257&sc_rum_e_e=7325&sc_rum_f_s=0&sc_rum_f_e=2471' because it violates the following Content Security Policy directive: "connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com *.authorize.net *.stripe.com klarna.com

*.klarna.com *.klarnacdn.net *.klarnaevt.com ‘self’ ‘unsafe-inline'”.

(anonymous) @ counter.js:1
lt @ counter.js:1
ie @ counter.js:1
(anonymous) @ counter.js:1
setTimeout (async)
s.record_pageview @ counter.js:1
(anonymous) @ counter.js:1
8[Report Only] Refused to load the image '<URL>' because it violates the following Content Security Policy directive: "img-src widgets.magentocommerce.com data: <URL> <URL> googleads.g.doubleclick.net <URL> bid.g.doubleclick.net analytics.google.com <URL> *.ftcdn.net *.behance.net t.paypal.com <URL> <URL> fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io camo.githubusercontent.com *.affirm.com *.affirm.ca <URL> <URL> <URL> <URL> maps.gstatic.com data: 'self' 'unsafe-inline'".

[Violation] 'setTimeout' handler took 110ms
jquery.js:3832 [Violation] 'setTimeout' handler took 64ms

You may also like