javascript - because it violates the following Content Security Policy directive: "style-src 'self'" - Stack Overflow
Debugging and setting the Content Security Policy in the CSP header and meta tag; debug via browser console, via violation reports and SecurityPolicyViolation event; why the CSP header is truncated
On Ubuntu 16 "Unrecognized Content-Security-Policy directive" reported from some tests · Issue #1194 · coreinfrastructure/best-practices-badge · GitHub
Getting Started with Content Security Policy using NodeJS/Express and Csper
⚖ 'unsafe-eval' in worker-src / child-src does not work, it must be specified in script-src; the worker-src directive covers only the worker creation, the executing of worker's script is controlled by other
On Cross-Site Scripting and Content Security Policy
How to create a solid and secure Content Security Policy
A systematic study of content security policy in web applications - Liu - 2016 - Security and Communication Networks - Wiley Online Library
Content Security Policy: Event logged in csp dblog raised by the module [#3167319] | Drupal.org
⚖ Browsers support of the child-src directive; child-src is a fallback directive for frame-src and worker-src; frame-src and worker-src take precedence over child-src
Safari doesn't like CSP
Using Content Security Policy (CSP) to Secure Web Applications | Invicti
⚖ Browsers support for the Content-Security-Policy worker-src directive to control the SharedWorker(), Worker() and navigator.serviceWorker.register() functions; unrecognized Content Security Policy directive worker-src
Security/CSP/Specification - MozillaWiki
CSP policy in Safari | Apple Developer Forums
How to fix 'because it violates the following content security policy directive'
Recording #94
Optimizely's Content-Security-Policy Journey | by Ola Nordstrom | Engineers @ Optimizely | Medium
Content Security Policy for Single Page Web Apps | Square Corner Blog
Debugging and setting the Content Security Policy in the CSP header and meta tag; debug via browser console, via violation reports and SecurityPolicyViolation event; why the CSP header is truncated