Image refused to load due to content security policy violation

Hello, I uploaded web files provided by our customer to be hosted by an S3 bucket and once I used the URL to display everything worked except one image that could not be loaded and the error message is:"Refused to frame 'https://xxxxxxx.com' becaused it violates the following content security policy directive: "frame-src 'self'. https://xxxxxxx.com

How can I fix it in I guess lambda edge function? We used cloudformation templates.

I am a cloud engineer but do not know much about web stuff.

Many thanks for your help in advance. Del

ab
일 년 전
the CSP for frame is purely web browser related. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src you can change the CSP by altering the response header but I lack information to help you more precisely here. How do you display the image on your web page? how do you access the S3 object?

주제

스토리지 서버리스 컴퓨팅 네트워킹 및 콘텐츠 전송

태그

아마존 심플 스토리지 서비스 AWS Lambda Lambda@Edge

언어

English

Abdel

질문됨 일 년 전1294회 조회

1개 답변

최신
최다 투표
가장 많은 댓글

이 답변이 도움이 되었나요?커뮤니티가 여러분의 지식을 활용할 수 있도록 정답을 찬성하세요.

Your request is violating Content security policy directive as you've mentioned it as ""frame-src 'self'". If you have index.html file, please change the meta tag as shown in the below link. For example you can modify it to - <meta http-equiv="Content-Security-Policy" content="script-src 'self' http://localhost:5000 'unsafe-inline' 'unsafe-eval';">

Link - https://stackoverflow.com/questions/31211359/refused-to-load-the-script-because-it-violates-the-following-content-security-po

Prathyusha Nandam

답변함 일 년 전

Image refused to load due to content security policy violation

관련 콘텐츠