DEV Community

Discussion on: What is CSP? Why & How to Add it to Your Website.

Collapse
 
rognoni profile image
Rognoni

What is the way to remove it?

Refused to connect to 'https://raw.githubusercontent.com/rognoni/monastic-browser/master/README.md' 
because it violates the following Content Security Policy directive: "
default-src 'self' 'unsafe-eval' 'unsafe-inline' 
data: blob: archive.org web.archive.org analytics.archive.org pragma.archivelab.org". 
Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

web.archive.org/web/20190601081552...

Collapse
 
mattferderer profile image
Matt Ferderer

You have to disable it in your browser via a config file or extension of some sort. I would suggest searching for "disable browser csp nameOfYourBrowser" to find directions for your specific browser.

Collapse
 
rognoni profile image
Rognoni • Edited

Yes, I found this Chrome extension (but cross-browser would be better)
github.com/PhilGrayson/chrome-csp-...

This is another similar problem with CORS policy

Access to XMLHttpRequest at 'https://monastic.neocities.org/index.md' 
from origin 'https://monastic.netlify.com' has been blocked by CORS policy: 
No 'Access-Control-Allow-Origin' header is present on the requested resource.