Intermittent CSP Block on stock checker server

Tell us what’s happening:
Hey guys,

I have been getting a strange and intermittent issue that I cannot pin down working on this project.

I run the project locally hosted on my computer using vscode and I’ve been getting an issue every now and then where for no apparent reason my requests get blocked.

Right this moment I have been getting it the issue on my normal session and everything working fine on the incognito session of the same browser(chrome) during the same execution of my locally ran server.

Using the network tab, I managed to notice that in my incognito browser, entering a ticker and pressing get price launches a request that is received normally by my server but on the regular session it sends out 4 requests one of which gets intercepted stating the CSP policy regarding jquery-2.2.1.min.js.

I also noticed that on the incognito the URL isn’t updated as it is on the regular browser.

I am uploading a screenshot which might help making sense of what I am trying to describe.

The problem is on the normal when I do get this error (and it isn’t always), things aren’t working and I am wondering what is causing this.

I am pretty sure it has nothing to do with my own policy implemented in server.js file as even when commented out it produces the same issue.

Here is what I am looking at :

Any clue on what am I doing wrong?


Your code so far

Your browser information:

User Agent is: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36.

Challenge: Stock Price Checker

Link to the challenge:

If you can post a link to a live project on, you may get more help or the problem may vanish; what follows below is my best hunch.

I run mine locally on a node dev server without problem, but I vaguely remember having this problem. I think you have two alternatives. One, add jquery locally and serve it with your other files. That should avoid the cross site problem as it’s on the same site. Two, you could add whatever domain you are getting jquery from to the scriptSrc entry of the content security policy of your helmet configuration (I did this). If it’s allowed, it should avoid the problem.

I have no idea why the problem is intermittent, unless something is caching the jquery file and serving it locally without telling you; I don’t use vscode and I don’t know if it’s that smart.

Or maybe the stock price API is just tired from all the Game Stop quotes it’s having to send.

Haha Alright, Thanks!

Kinda validates my experience that you mention vaguely remembering about it…

Unfortunately it doesn’t seem to be a problem when hosted online so I don’t think it would be useful for me to share…

It’s not really a big problem either as I do have a few workarounds when it happened but I just was intrigued and wanted to dig a bit to understand what was happening as it doesn’t make any sense to me really…

Thanks for taking the time to read and answer!