I suggest you ...

Browser Link Support for Content Security Policy (CSP) HTTP Headers

Currently Browser Link uses inline JavaScript which causes Content Security Policy (CSP) (See https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy) violation errors. CSP requires external files to be used for JavaScript and CSS.

If the user is using CSP then browser link is disabled as inline scripts cannot be run. Please use external files, which will allow us to use CSP in conjunction with Browser Link.

This is the error that Chrome throws:

Refused to load the script 'http://localhost:40323/7ccba4ec32eb40b093fe065c6ca53fbf/browserLink'; because it violates the following Content Security Policy directive: "script-src 'self' ajax.googleapis.com ajax.aspnetcdn.com".

60 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Muhammad Rehan SAeedMuhammad Rehan SAeed shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    1 comment

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Anonymous commented  ·   ·  Flag as inappropriate

        I got the same error..
        I am using nwebsec toolkit for CSP..

        What should i do to remove this error? Or it will not affect any operation so can we keep it?

      Feedback and Knowledge Base