I’m following this tutorial and I’m getting this error:
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“default-src”).
How do I get around this policy on localhost?
<meta http-equiv="Content-Security-Policy" content="default-src 'self'">
You may have a meta tag like that one in your head in html code, try to remove it.
Solution 2: javascript - Content Security Policy: The page's settings blocked the loading of a resource - Stack Overflow
Solution 3:
You may need to put a middleware before your controllers like this:
app.use(function(req, res, next) {
res.setHeader("Content-Security-Policy", "script-src 'self' https://your.domain.com");
next();
});
Thank you for the response.
So, in your code, where you said ‘https://your.domain…’, I could just put localhost?
Yes, you can put localhost there.
I have a variable:
const PORT = process.env.PORT || 3000;
could I use PORT instead of localhost
(don’t know why, but my question mark key stopped working)
Thank you again for your help
You can’t not use a port. Port is basically a virtual point where network connections start and end. Some protocols like protocols for pinging may not use a port because they are targeted to a different OSI level (network level for pinging).
So your connections with http protocol will always use a port.
This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.