[Firebase Web Analytics] Refused to load the script 'https://www.gstatic.co
Forge component by Bogdan Boglea
Published on 06 Jul 2020
Application Type
Reactive

When I try to use this component in my enterprise environment, I get the following error.

Is there a way to unlock this protection?

https://success.outsystems.com/Documentation/11/Managing_the_Applications_Lifecycle/Secure_the_Applications/Apply_Content_Security_Policy


Thanks!!!


Refused to load the script 'https://www.gstatic.com/firebasejs/8.2.1/firebase-app.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.



Home.aspx?_ts=637447494426163036:1 Refused to load the script 'https://www.gstatic.com/firebasejs/8.2.1/firebase-analytics.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.



Rank: #3348

Hello,


Not sure if it will work, but I know that it's possible to also define some exceptions to the CSP directives. It's either from Service Center or LifeTime and under security settings you should find some text boxes where you can define these exceptions.


Regards,

Bogdan

Rank: #23710

Thanks Bogdan 

I am reading this lesson 

https://www.outsystems.com/training/lesson/1135/javascript-and-jquery-in-traditional-web-applications

and found another way to import, but the issue is a different one now; I am checking this with our system administrator.



Firebase is working, but the site is blocked.


  1. Content Security Policy of your site blocks some resources because their origin is not included in the content security policy header

    1. The Content Security Policy (CSP) improves the security of your site by defining a list of trusted sources and instructs the browser to only execute or render resources from this list. Some resources on your site can't be accessed because their origin is not listed in the CSP.

      To solve this, carefully check that all of the blocked resources listed below are trustworthy; if they are, include their sources in the content security policy of your site. You can set a policy as a HTTP header (recommended), or via an HTML <meta> tag.

      ⚠️ Never add a source you don't trust to your site's Content Security Policy. If you don't trust the source, consider hosting resources on your own site instead.

    2. AFFECTED RESOURCES
      1. 3 directives

        | Resource | Status | Directive | Source code |
        | --- | --- | --- | --- |
        | https://www.googletagmanager.com/gtag/js?l=dataLayer | blocked | script-src-elem | firebase-analytics.js:1 |
        | https://firebase.googleapis.com/v1alpha/projects/-/apps/1:277891544804:web:53d5a72c6bce04038e9ef1/webConfig | blocked | connect-src | firebase-analytics.js:1 |
        |  | blocked | connect-src | firebase-analytics.js:1 |

      • Learn more: Content Security Policy - Source Allowlists
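
The directive fallback named in the console errors above and the allowlisting step from the DevTools issue, as an added example that is not part of the original thread or of the Forge component: it finds which directive governs each blocked request and appends only the missing origin to that directive. The function names, the site origin `SELF`, the `connect-src 'self'` directive and the `APP_ID` placeholder are assumptions; only the `script-src` value and the blocked hosts come from the page.

```javascript
// Simplified matcher for 'self', scheme, host and *.host sources; ports, paths and bare-host scheme rules are not modelled.
const FALLBACK = {
  'script-src-elem': ['script-src-elem', 'script-src', 'default-src'],
  'connect-src': ['connect-src', 'default-src'],
};
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}
function sourceMatches(source, url, selfOrigin) {
  if (source === "'self'") return url.origin === selfOrigin;
  if (source.startsWith("'")) return false; // 'unsafe-inline' etc. never match a URL
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)/i.exec(source);
  if (!m || (m[1] && url.protocol !== m[1].toLowerCase() + ':')) return false;
  const host = m[3].toLowerCase();
  return m[2] ? url.hostname.endsWith('.' + host) : url.hostname === host;
}

// Find the first directive in the fallback chain that the policy sets, then test its sources.
function evaluate(policy, selfOrigin, directive, rawUrl) {
  const url = new URL(rawUrl);
  const governedBy = (FALLBACK[directive] || [directive]).find((d) => policy.has(d)) || null;
  const allowed = !governedBy || policy.get(governedBy).some((s) => sourceMatches(s, url, selfOrigin));
  return { governedBy, allowed, missingSource: allowed ? null : url.origin };
}
// Append each missing origin to the directive that governed the blocked request.
function proposePolicy(header, selfOrigin, requests) {
  const policy = parsePolicy(header);
  for (const [directive, rawUrl] of requests) {
    const r = evaluate(policy, selfOrigin, directive, rawUrl);
    if (!r.allowed) policy.get(r.governedBy).push(r.missingSource);
  }
  return [...policy].map(([name, sources]) => [name, ...sources].join(' ')).join('; ');
}

// script-src is the policy quoted in the console error; connect-src 'self' and SELF are
// constructed, since the page does not show them. APP_ID is a placeholder.
const PAGE_POLICY = "script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'";
const SELF = 'https://apps.example.com';
const BLOCKED = [
  ['script-src-elem', 'https://www.gstatic.com/firebasejs/8.2.1/firebase-app.js'],
  ['script-src-elem', 'https://www.googletagmanager.com/gtag/js?l=dataLayer'],
  ['connect-src', 'https://firebase.googleapis.com/v1alpha/projects/-/apps/APP_ID/webConfig'],
];
console.log(proposePolicy(PAGE_POLICY, SELF, BLOCKED));
```

The proposed header adds full origins rather than a scheme-wide source such as `https:`, so it can be reviewed host by host before it is entered as a CSP exception.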