Hi,
I am seeing the error, "Content Security Policy blocked 'ms-browser-extension'.
Violated-directive: font-srcEffective-directive: font-src "
In production environment error log. Not able to replicate in test environment.
How can I resolve this as I dont see any URL name which is blocked in the error message to include it in configuration file or what's causing this error and how can this be resolved if its due to the bowser extension from client causing this issue?
Thanks and Regards,
Ramya
Hi @Ramya somashekaraiah ,
kindly refer this discussion, it might help:
https://www.outsystems.com/forums/discussion/91651/content-security-policy-blocked/
Thanks,
Dhanasingh Dennison.
Okay Will try to check in prod as I dont have acess to prod had to try to replicate in non prod environments. Seems like as per the post have to figure out the URI need to check directly in prod by inspect element in browser and then to check in console as non prod its not replicable.
Will update thank you for the suggestion as per error log not seeing the URI so I was thinking the issue is due to some extension installed on the broswer at client side (referred some posts in stack overflow) blocking to load the URI.
Regards,
Check you font urls. Are you loading font from outside ?
This error message means that your browser's Content Security Policy (CSP) is preventing a font from loading from a Microsoft browser extension, specifically identified as "ms-browser-extension", because the policy set on your website does not allow fonts to be loaded from that source.
If possible please provide screenshot or test url where I can check it.
I already looked into this. If I had uri, would have added like I already know where to add and solved similar issue for blocking the content of the data.
In this case I am not seeing external URI other than self even in error log its not showing me any external URI
"Content Security Policy blocked 'ms-browser-extension'." Violated-directive: font-src
This means that a browser extension, specifically a Microsoft browser extension (e.g., for Edge), attempted to inject or load a font resource in your web page, but your Content Security Policy (CSP) blocked it.
Means:
ms-browser-extension://... is a scheme used by Microsoft Edge browser extensions.
The CSP font-src directive does not allow loading fonts from ms-browser-extension://, hence the browser logs this as a violation.
This is not something wrong in your application code, nor is it likely to cause functionality issues for your users.