Open breitembach opened 5 years ago
this seems to be a csp issue. remove the 'unsafe-inline' to allow inline script and add the gstatic.com to the csp. Something like : "Content-Security-Policy: default-src 'self'; script-src 'self' ssl.gstatic.com; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; form-action 'self'"
Refused to load the script 'https://ssl.gstatic.com/accounts/o/3773663888-v2-idpiframe.js' because it violates the following Content Security Policy directive: "script-src 'report-sample' 'nonce-6atNsNpeH6cpEwiVO5AikQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'". 'strict-dynamic' is present, so host-based whitelisting is disabled. Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
accounts.google.com/o/oauth2/iframe#origin=http%3A%2F%2Flocalhost%3A4200&rpcToken=1965178898.303193&clearCache=1:1 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'report-sample' 'nonce-6atNsNpeH6cpEwiVO5AikQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'". Note that 'unsafe-inline' is ignored if either a hash or nonce value is present in the source list.