Image refused to load due to content security policy violation

Hello, I uploaded web files provided by our customer to be hosted by an S3 bucket and once I used the URL to display everything worked except one image that could not be loaded and the error message is:"Refused to frame 'https://xxxxxxx.com' becaused it violates the following content security policy directive: "frame-src 'self'. https://xxxxxxx.com

How can I fix it in I guess lambda edge function? We used cloudformation templates.

I am a cloud engineer but do not know much about web stuff.

Many thanks for your help in advance. Del

ab
a year ago
the CSP for frame is purely web browser related. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src you can change the CSP by altering the response header but I lack information to help you more precisely here. How do you display the image on your web page? how do you access the S3 object?

Topics

Storage Serverless Compute Networking & Content Delivery

Tags

Amazon Simple Storage Service AWS Lambda Lambda@Edge

Language

English

Abdel

asked a year ago1263 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

Your request is violating Content security policy directive as you've mentioned it as ""frame-src 'self'". If you have index.html file, please change the meta tag as shown in the below link. For example you can modify it to - <meta http-equiv="Content-Security-Policy" content="script-src 'self' http://localhost:5000 'unsafe-inline' 'unsafe-eval';">

Link - https://stackoverflow.com/questions/31211359/refused-to-load-the-script-because-it-violates-the-following-content-security-po

Prathyusha Nandam

answered a year ago

Relevant content

Using CloudFront to upload files to S3 bucket using presign URL and custom domain
Roi
asked 7 months ago
"Resolving Content Security Policy Violation for Image Loading in Amazon Grafana"
HONG
asked 2 months ago
How to exacute virus scan before uploading the file to the S3 bucket
AWS-User-7738938
asked 2 years ago
AWS Connect - Salesforce integration - Refused to run the JavaScript URL because it violates the following Content Security Policy directive: "script-src 'self' 'nonce-EcwaM0KV
Fab
asked 2 years ago
Why can't I load website content uploaded to my Amazon S3 bucket from another AWS account?
AWS OFFICIALUpdated 8 months ago
How can I load data from the Slack app to Amazon S3 by using Amazon AppFlow?
AWS OFFICIALUpdated 2 years ago
Why can't I access an object that was uploaded to my Amazon S3 bucket by another AWS account?
AWS OFFICIALUpdated 2 years ago
How do I upload an image or PDF file to Amazon S3 through API Gateway?
AWS OFFICIALUpdated a year ago
How to e-mail OpenSearch reports and dashboards via opensearch-reporting-cli
EXPERT
Sohaib Katariwala
published 2 months ago
EMR Cluster failure with "Failed to start the job flow due to an internal error"
SUPPORT ENGINEER
Yokesh NK
published 12 days ago