iolates the following Content Security Policy directive

  • jamiee89

    (@jamiee89)


    1 month ago

    I am getting hundreds of errors like this on a few sites:

    v1?ray=9176ff695a8c6aa8&lang=auto:1 Refused to run the JavaScript URL because it violates the following Content Security Policy directive: “script-src ‘nonce-2FJOZlu8U35OlRS0’ ‘unsafe-eval'”. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-…’), or a nonce (‘nonce-…’) is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the ‘unsafe-hashes’ keyword is present.

    Is this an error or am i doing somthing wrong?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator Bet Hannon

    (@bethannon1)

    It looks like this is a bigger Cloudflare issue:
    https://community.cloudflare.com/t/turnsite-csp-violation-how-to-fix/772672

    I’m having this issue too.

    • This reply was modified 1 month ago by Bet Hannon.
    amanandhishoe

    (@amanandhishoe)

    This must be something new as when I first started using Turnstile, I was not getting csp errors with it, and I have a strict csp that evaluates all inline javascript before I send out a page and calculates sha256 hashes to those javascript. The result is that my csp contains an extensive list of allowable hashes for inline scripts. Any inline javascript that does not generate one of those hashes won’t run.
    However, I don’t see these csp errors as stopping Turnstile from running. There seem to be calls inside Turnstile that are blocked from running.

    Moderator Bet Hannon

    (@bethannon1)

    The CSP errors don’t stop Turnstile from firing (I’m seeing all my testing in the Turnstile analytics), but they are preventing the action from completing — for instance, submitting a form.

    Thread Starter jamiee89

    (@jamiee89)

    I’m glad its not an error on my part. But concerning it is affecting many people. do we know if theres a fix i nthe works?

    Same on my side, the browser console shows multiple errors. This was working some days ago.

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.