"Content Security Policy (CSP) header cannot be parsed successfully"

cuibonobo / cuibonobo.com

A static site generator for cuibonobo.com

https://cuibonobo.com

Creative Commons Zero v1.0 Universal

0 stars 0 forks source link

"Content Security Policy (CSP) header cannot be parsed successfully" #70

Closed cuibonobo closed 1 year ago

cuibonobo commented 1 year ago

Mozilla HTTP Observatory can't parse my CSP headers for some reason. Testing my site with curl -v shows:

content-security-policy: default-src 'self'; script-src 'self' static.cloudflareinsights.com; object-src 'none' ; frame-ancestors 'none'

Not sure what part of this is not parseable.

cuibonobo commented 1 year ago

Turns out SveltKit is adding <meta http-equiv="content-security-policy" content=""> to my HTML, which causes the HTTP Observatory parsing to fail. Will fix on my end but also created mozilla/http-observatory#492.

cuibonobo commented 1 year ago