BotDetect:WebFormsCaptcha after adding Content Security Policy inline issue is showing in console - botdetect

After adding Content Security Policy in web.config, inline styles are being added and console errors are appearing. Please suggest any solution for this issue.

Related

react-google-maps Content Security Policy

I am integrating react-google-maps in Next.js. Everything works fine, but when the map is opened the images are not loaded:
I get Refused to load image because it violates the following content security policy directive : "img-src *"
What does this mean and how to resolve this? Is this related to my domain or my app server?
Note: locally everything works fine.
You need to set your Content Security Policy header to accept from the locations:
Header set Content-Security-Policy "default-src 'self' https://www.googletagmanager.com *.images.google.com"
something like that (not sure what ones you will need to add)

How can I use props image in React-Bootstrap?

My Code
I want to use props, but the pictures don't show up while other things do. How can I use props in React-Bootstrap? (Sorry for my English.)
error
That error is saying that the image that you're getting has a security policy on it that only allows code that is running on the same server to access it. Pick an image that doesn't have that policy or if it's your image, change the security policy on that image.
To check this, choose a different image from a different server.

Salesforce: Visualforce pages not working anymore because of certificate error

I have a dev box running with a namespace and just added a demo visualforce page named "test" and just clicked on "Preview". It is ending up with a certificate error on my browser.
The URL salesforce tries to open is https://myinstance-dev-dev--mynamespace.visualforce.com/apex/test
The certificate being provided by this domain is for "viv1.force.com". That is why my browser is blocking it.
Any idea why this is happening? My visualforce pages were working on the dev box, but now suddenly end up with this error.
Strange solution. Had to check "Critical updates" on setup, and DEACTIVATED the setting "Stabilize URLs for Visualforce, Experience Builder, Site.com Studio, and Content Files". Now it is working again.
I assume that for some reason this stabilization failed to change the certificate used behind Visualforce pages. Deactivating the above option fixed it.

Lightning embed iframe from another website

I'm trying to build a simple component to display a web page inside a Lightning component. This is my starting code.
<aura:component implements="force:appHostable">
<iframe width="100%" height="350px" style="border: 1px solid" src="https://trailhead.salesforce.com/en/content/learn/trails/wave_analytics_apps" />
</aura:component>
Then I was going to embed this into a Lightning Component using iframe. Is there any way to make it work? I've checked ClickJack by disabling it. I've created records in Remote Site Settings, CORS, and CSP Trusted Sites. I still get this error.
It's not you, it's them. The hint is in "{target} refused to connect". I don't know what you did to your Chrome error console but the error should be in there.
Refused to frame 'https://trailhead.salesforce.com/' because an
ancestor violates the following Content Security Policy directive:
"frame-ancestors 'none'".
https://en.wikipedia.org/wiki/Content_Security_Policy
That Trailhead page doesn't allow itself to be embedded anywhere else, not even on pages from the same subdomain. Your component will work fine if you use src="https://example.com". Generally you'd need to talk with the target website's owner to whitelist your SF (internal mydomain and/or community, depends what exactly you want to do with it).
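The two CSP errors quoted on this page (the img-src refusal in the react-google-maps question and the frame-ancestors refusal above) come from the same source-list matching, sketched here as an added example that is not code from any of the posts. It is a simplified matcher, and app.example, embedder.example and the image URLs are constructed placeholders.

```javascript
// Simplified CSP matcher (added example): ports, paths, nonces, hashes ignored.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !policy.has(name)) policy.set(name, sources);
  }
  return policy;
}

function matchesSource(expr, url, selfOrigin) {
  if (expr === "'none'") return false;
  if (expr === "'self'") return url.origin === selfOrigin;
  // "*" covers network schemes only, so data: and blob: URLs are not matched.
  if (expr === '*') return url.protocol === 'http:' || url.protocol === 'https:';
  if (/^[a-z][a-z0-9+.-]*:$/.test(expr)) return url.protocol === expr; // "data:"
  const m = expr.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^\/:]+)/);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  if (scheme && url.protocol !== scheme + ':') return false;
  return wildcard ? url.hostname.endsWith('.' + host) : url.hostname === host;
}

// directive: "img-src", "script-src", ... or "frame-ancestors".
// target: the resource URL, or for frame-ancestors the URL of the embedding page.
function allows(header, directive, target, selfOrigin) {
  const policy = parseCsp(header);
  // Fetch directives fall back to default-src; frame-ancestors never does.
  const sources = policy.get(directive) ??
    (directive === 'frame-ancestors' ? undefined : policy.get('default-src'));
  if (sources === undefined) return true; // nothing in the policy restricts this
  const url = new URL(target);
  return sources.some((s) => matchesSource(s, url, selfOrigin));
}

// Constructed inputs; app.example and embedder.example are placeholder origins.
const answerPolicy =
  "default-src 'self' https://www.googletagmanager.com *.images.google.com";
const appOrigin = 'https://app.example';
console.log(allows(answerPolicy, 'img-src', 'https://maps.images.google.com/t.png', appOrigin));
console.log(allows('img-src *', 'img-src', 'data:image/png;base64,AAAA', appOrigin));
console.log(allows("frame-ancestors 'none'", 'frame-ancestors',
  'https://embedder.example/', 'https://trailhead.salesforce.com'));
```

With frame-ancestors, the policy belongs to the framed site, so only that site's owner can change the outcome for a given embedder.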
My friend, I had the same problem recently. I resolved it temporarily by disabling the Chrome flags that implement the new features. The flags will be default only in version 84 of Chrome, but you can get past this quickly. Do this:
1 - go to chrome://flags/ in the Chrome URL bar.
2 - disable the flags below:
- SameSite by default cookies = disabled
- Enable removing SameSite=None cookies = disabled
- Cookies without SameSite must be secure = disabled
3 - click on Relaunch.
To resolve it definitively in Salesforce, you can ask the owner (of the embedded page) to set the following values in their cookie:
- On the cookie set values to:
- secure = Yes
- SameSite = NONE.
This resolved it for me.
But if you need to get an event from the iframe using an Aura component, tell me here and I will post more information.

Static files not loading properly 50% of the time

When I load my site from incognito (when static files are not cached), about 50% of the time some static files which are hosted on App Engine are not showing up. One time it can be a CSS file and other times it's JS. In the console I see this error:
Failed to load resource: net::ERR_CONNECTION_RESET
I have no idea why this happens and how to fix it.
Also, when you first go to the page, you sometimes see a message saying the page is unavailable, and then immediately the page appears.
How to reproduce:
open this page on incognito (each time): http://alephz.com/
about 5 out of 10 times it should come up without CSS or JS
It might be the DNS prefetching having a problem. Try disabling it by adding <meta http-equiv="x-dns-prefetch-control" content="off"> into your header. Have not seen that being a problem for a while though.
The root problem is a certificate mismatch / expired certificate.
You can see this for yourself in the code here.
Note in particular the use of the very constant you reference in the code on line 44 of the C++ file in above link:
case net::ERR_INSECURE_RESPONSE:
The current version of this file is here. The error status ERR_INSECURE_RESPONSE may no longer be on line 44, but the error code still exists in the SSL certificate portion of the code.
But as you are requesting the resources over SSL it is likely the certificate is invalid. Either it is self-signed and has not been added to your browser/OS exceptions or it is otherwise invalid.
Try the URI directly in the same browser and inspect the certificate.
This is in no way related to jQuery, JavaScript or CSS directly.
