re: What is CSP? Why & How to Add it to Your Website. VIEW POST


What is the way to remove it?

Refused to connect to '' 
because it violates the following Content Security Policy directive: "
default-src 'self' 'unsafe-eval' 'unsafe-inline' 
data: blob:". 
Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.


You have to disable it in your browser via a config file or extension of some sort. I would suggest searching for "disable browser csp nameOfYourBrowser" to find directions for your specific browser.


Yes, I found this Chrome extension (but cross-browser would be better)

This is another similar problem with CORS policy

Access to XMLHttpRequest at '' 
from origin '' has been blocked by CORS policy: 
No 'Access-Control-Allow-Origin' header is present on the requested resource.
code of conduct - report abuse