I wanted to experiment with Javascript and created a file that I opened in Firefox (68.0.1) file:///C:/play/my.html. The file is on JSFiddle at / (but the code works in JSFiddle).
In Firefox when I opened this file I got the following error in the console:
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”).
I looked up how to fix this and tried adding:
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ">
but this didn't fix it. The file is shown below (with my failed attempt at adding the Content-Security-Policy meta tag.
What is the correct syntax for the Content-Security-Policy?
NOTE: In Chrome (v76.0.3809.100), this file just worked so that my work around for now.
<!DOCTYPE html>
<html>
<head>
<title>My Async Test</title>
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ">
<meta charset="UTF-8" />
</head>
<body>
<script>
function clickMe() {
f().then(alert);
}
async function f() {
return 1;
}
</script>
Just testing
<button type="button" onclick="clickMe()">Run Async Function</button>
</body>
</html>
Searches
I did a search for how to fix this and came across a solution to disable the Content-Security-Policy.
- Disabling Content Security in Firefox. This worked for me but is pretty heavy handed, so I'd like to know how to do it in my file.
Other results that were helpful were:
How to use Content-Security-Policy with localhost files
The MDN docs for the Content-Security-Policy
How to use Content-Security-Policy with localhost files
How can I read local files from JavaScript with Firefox
I just found tag in StackOverflow for content-security-policy so I'll start that search now.
I wanted to experiment with Javascript and created a file that I opened in Firefox (68.0.1) file:///C:/play/my.html. The file is on JSFiddle at https://jsfiddle/PatS2265/7r4j6ewa/ (but the code works in JSFiddle).
In Firefox when I opened this file I got the following error in the console:
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”).
I looked up how to fix this and tried adding:
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google.">
but this didn't fix it. The file is shown below (with my failed attempt at adding the Content-Security-Policy meta tag.
What is the correct syntax for the Content-Security-Policy?
NOTE: In Chrome (v76.0.3809.100), this file just worked so that my work around for now.
<!DOCTYPE html>
<html>
<head>
<title>My Async Test</title>
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google.">
<meta charset="UTF-8" />
</head>
<body>
<script>
function clickMe() {
f().then(alert);
}
async function f() {
return 1;
}
</script>
Just testing
<button type="button" onclick="clickMe()">Run Async Function</button>
</body>
</html>
Searches
I did a search for how to fix this and came across a solution to disable the Content-Security-Policy.
- Disabling Content Security in Firefox. This worked for me but is pretty heavy handed, so I'd like to know how to do it in my file.
Other results that were helpful were:
How to use Content-Security-Policy with localhost files
The MDN docs for the Content-Security-Policy
How to use Content-Security-Policy with localhost files
How can I read local files from JavaScript with Firefox
I just found tag in StackOverflow for content-security-policy so I'll start that search now.
Share Improve this question edited Aug 9, 2019 at 19:24 PatS asked Aug 9, 2019 at 17:38 PatSPatS 11.6k17 gold badges70 silver badges122 bronze badges 6- 3 Just run a local server – epascarello Commented Aug 9, 2019 at 17:40
- 1 That's not an option. I can't install any software on work machine and it doesn't have python or node, or other development apps that I would typically use on my development box. I typically use codesandbox.io but ran into a problem which I've since fixed. See df35m.csb.app. I was curious why this didn't just work in Firefox! – PatS Commented Aug 9, 2019 at 17:50
- You can't run node or python? – epascarello Commented Aug 9, 2019 at 17:50
- @epascarello, I updated my previous ment to address this suggestion. – PatS Commented Aug 9, 2019 at 17:53
- 2 Works fine in my Firefox, do you have any add-ons by chance? Did you try in a clean profile? – Nickolay Commented Aug 11, 2019 at 7:16
1 Answer
Reset to default 7Well I feel a little bit embarrassed that I didn't get this sooner. I have to credit @Nickolay for menting that he did not see this problem and asked if it could be an AddOn, or if I had tried this in a new profile, so I checked both.
I created a clean profile using about:profiles and clicking on Create a New Profile, and when I ran in that profile it worked!
Next I realized that I had the Add-On NoScript enabled which was preventing Javascript from running on the on the local files (file:///C:/)!
After I enabled local files in NoScript the problem went away.
Doh (hand hitting forehead).