Content security policy

I am running a simple expressjs app with crud functionality. When attempting to post an article I am getting an error related to csp Content Security Policy: The page’s settings blocked the loading of a resource at (“default-src”). I tried all sorts of seting up csp on my express server using helmetjs like so

    useDefaults: false,
    directives: {
      "default-src": [`"self"`, ``],

but still my requests are being blocked. I was wondering if anyone has faced this issue and managed to resolve it?

Did you try only specifying "self"? based on these docs, it seems like just “self” should be required: CSP: default-src - HTTP | MDN

yes I did try self

I just noticed that this issue arises in firefox only. in chrome requests works just fine

1 Like