"Directive style-src-elem violated."

Created on 6 September 2020, over 4 years ago
Updated 24 May 2023, over 1 year ago

After configuring seckit pretty tightly we're getting these messages in the logs:

CSP: Directive style-src-elem violated.
Blocked URI: data.
Data: stdClass Object
(
[document-uri] => https://example.com/somepage
[referrer] => https://example2.com
[violated-directive] => style-src-elem
[effective-directive] => style-src-elem
[original-policy] => default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.nostarch.com https://nostarch.com https://ajax.googleapis.com https://www.google-analytics.com https://cdn.userway.org https://api.userway.org; img-src 'self' 'unsafe-inline' https://www.nostarch.com https://nostarch.com https://www.google-analytics.com https://www.paypal.com https://www.paypalobjects.com https://api.userway.org https://cdn.userway.org; frame-ancestors 'self'; connect-src 'self' 'unsafe-inline' https://www.google-analytics.com https://stats.g.doubleclick.net https://api.userway.org; report-uri /report-csp-violation
[disposition] => enforce
[blocked-uri] => data
[line-number] => 60
[column-number] => 1619
[source-file] => https://exampke.com/cdn-cgi/apps/body/SOMESTRING.js
[status-code] => 0
[script-sample] =>
)

It seems like it's being triggered by some functionality added by Cloudflare. Is "style-src-elem" a new option that needs to be added?

✨ Feature request
Status

Active

Version

1.0

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States DamienMcKenna NH, USA

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024