When working on my latest project nocloud.website I encountered a strange error in production:
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“default-src”).
Internet Explorer 11
IE does not know about the connect-src directive.
Sadly now IE ignores the complete policy.
fetch("https://httpbin.org/get")
// [object Promise]: {}
// [object Response]: {body: ReadableStream, bodyUsed: false, headers: Headers, ok: true, redirected: false...}
So this means that with the rise of new features, IE users even lose the protection that they had when their browser was built.
Expected result, e.g. on Firefox:
fetch("https://httpbin.org/get")
// Promise { <state>: "rejected" }
// Content Security Policy: The page’s settings blocked the loading of a resource at https://httpbin.org/get (“default-src”).
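A fetch() request is governed by connect-src, and when a policy has no connect-src the browser falls back to default-src, which is the directive named in the Firefox message above. The following is an added example, not code from the original post: a simplified model of that lookup. The policy strings, the origin https://app.example and all function names are assumptions, since the page does not show its policy.

```javascript
// Simplified model of CSP directive lookup (added example; helper names are hypothetical).
// Handles http(s) URLs with keyword, "*", scheme and exact-origin sources only;
// no paths, host wildcards, nonces or hashes.

// Parse "default-src 'self'; img-src *" into { "default-src": ["'self'"], ... }.
function parsePolicy(header) {
  const policy = {};
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // A repeated directive is ignored: the first occurrence wins.
    if (key && !(key in policy)) policy[key] = sources;
  }
  return policy;
}

// Fetch directives such as connect-src fall back to default-src when absent.
function effectiveDirective(policy, directive) {
  if (directive in policy) return directive;
  return "default-src" in policy ? "default-src" : null;
}

function sourceMatches(source, url, selfOrigin) {
  const target = new URL(url);
  if (source === "'self'") return target.origin === selfOrigin;
  if (source === "*") return ["http:", "https:"].includes(target.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return target.protocol === source.toLowerCase();
  if (source.startsWith("'")) return false; // 'none' and other keywords match no URL
  try { return new URL(source).origin === target.origin; } catch { return false; }
}

// Decide whether a request is allowed and report which directive decided it.
function checkRequest(header, directive, url, selfOrigin) {
  const policy = parsePolicy(header);
  const used = effectiveDirective(policy, directive);
  if (used === null) return { allowed: true, directive: null }; // no policy applies
  const allowed = policy[used].some((s) => sourceMatches(s, url, selfOrigin));
  return { allowed, directive: used };
}

// Constructed samples: no policy, default-src only, and an explicit connect-src.
const SELF = "https://app.example";
const TARGET = "https://httpbin.org/get";
console.log(checkRequest("", "connect-src", TARGET, SELF));
console.log(checkRequest("default-src 'self'", "connect-src", TARGET, SELF));
console.log(checkRequest("default-src 'self'; connect-src https://httpbin.org", "connect-src", TARGET, SELF));
```

The first call models a browser that applies no policy at all: every request is allowed, which matches the IE 11 behaviour shown above.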