I suggest you ...

Browser Link Support for Content Security Policy (CSP) HTTP Headers

Currently Browser Link uses inline JavaScript which causes Content Security Policy (CSP) (See https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy) violation errors. CSP requires external files to be used for JavaScript and CSS.

If the user is using CSP then browser link is disabled as inline scripts cannot be run. Please use external files, which will allow us to use CSP in conjunction with Browser Link.

This is the error that Chrome throws:

Refused to load the script 'http://localhost:40323/7ccba4ec32eb40b093fe065c6ca53fbf/browserLink'; because it violates the following Content Security Policy directive: "script-src 'self' ajax.googleapis.com ajax.aspnetcdn.com".

61 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Muhammad Rehan SAeedMuhammad Rehan SAeed shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    3 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...

      Feedback and Knowledge Base