I have noticed that my Content security Policy blocks the functionality of the “Get Price” button (and the other one aswell) and I am not exactly sure why.
To be precise, when I click the button, instead of sending a get request to ‘/api/stock-prices…’ it just adds /?stock=GOOG to the link in the browser. (of course only if GOOG was entered)
If I remove my Content Security Policy, everything works fine.
My CSP:
app.use(helmet.contentSecurityPolicy({
directives: {
defaultSrc: ["'self'"],
scriptSrc: ["'self'"],
styleSrc: ["'self'"]
}}))
Pretty sure, that I need to add some information, but I don’t really know what.
I appreciate your help!
Edit: Removing ‘defaultSrc’ and following the advice of jeremy.a.gray I was able to solve the issue.