how to fix error " Refused to execute inline script because it violates the following Content Security Policy directive:

Question

i want using iframe in html but i got this error:

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='), or a nonce ('nonce-...') is required to enable inline execution.

my code :

<iframe src="test.com" height="200" width="300" title="Iframe Example"></iframe>

how can i fix this error thanks inadvance

granty granty · Accepted Answer · 2021-01-25T07:53:44

Iframe it has nothing to do with it, you have an inline script like <script>...</script> in the HTML code. Therefore you have opts:

to add 'unsafe-inline' into script-src directive (unsafe way)
to use 'nonce-value'
to use 'hash-value' 'sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='
move inline script to external file, and it will fall under 'self' token allowance.

how to fix error " Refused to execute inline script because it violates the following Content Security Policy directive:

1 Answers