JQuery use violates content security policy
-
Using version 2.4 with WordPress 4.0, loading the Duo login frame the Chrome browser reports a number of errors relating to the Content Security Policy, and jquery.
These are due to the loading of data URI for PNG images by jQuery, and can likely be resolved by adding “data:” to the image-src in the Content Security Policy.
Currently there is no image-src in CSP, so it uses data-src, and data-src has “self” not “data”. So adding image-src with “self” and “data:” might be the fix.
It may be that image-src of data is deliberately excluded, but then probably you should consider removing the data URI loads from Jquery.
The errors seem harmless in default configuration of browser, but I don’t expect code to routinely attempt to violate the CSP.
- The topic ‘JQuery use violates content security policy’ is closed to new replies.
