Loading a script blocked

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • HareCom
    Junior Member
    • May 2025
    • 5
    #1

    Loading a script blocked

    Hello. I am trying to load a script into a view (using something like an iframe) but I'm getting this error:

    jquery.js:10007 Refused to load the script 'https://apps.reonic.de/elements/reonic-loader.js' because it violates the following Content Security Policy directive: "script-src 'self' 'nonce-a517de73ceb623294d9d18d0641e02d2' 'unsafe-eval'https://maps.googleapis.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback

    How can I resolve this and add this to the list of allowed domains? I couldn't find the file responsible for this and it obviously doesn't come from the server.

    Thanks in advance
    Tags: None
    • yuri
      Member
      • Mar 2014
      • 8981
      #2
      Hi,

      You need to add the source to the config. data/config.php, parameter 'clientCspScriptSourceList'.

      Config parameters - EspoCRM Documentation
      https://docs.espocrm.com/administration/config-params/#security


      Code:
      'clientCspScriptSourceList' => [
    'https://maps.googleapis.com',
    'https://apps.reonic.de',
],
      If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.

        Comment

        • HareCom
          Junior Member
          • May 2025
          • 5
          #3
          Ok, it was in config-internal not config. But this works once, after I change to another view and return to it it shows the same error again although the source is there:

          Code:
          Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'nonce-bae6570a07f9bd219f4cdf36aed90beb' 'unsafe-eval' https://maps.googleapis.com [B]https://apps.reonic.de[/B]". Either the 'unsafe-inline' keyword, a hash ('sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw='), or a nonce ('nonce-...') is required to enable inline execution.

            Comment

            Previous template Next
            Working...