TheAifam5
Cloudflare Developers
Created by TheAifam5 on 7/8/2024 in #general-help
Rocket Loader CSP Rules
Hey, I am trying to get rocket-loader.min.js up and running with my strict CSP rules:

default-src 'none'; base-uri 'none'; object-src 'none'; form-action 'none'; frame-ancestors 'none'; img-src 'self'; style-src-elem 'self'; script-src 'self' 'unsafe-inline' 'strict-dynamic' 'nonce-ucmPnqpppC8CN4vHqOAoh+859cskzJ0gflqKZ//2OHI=' static.cloudflareinsights.com ajax.cloudflare.com; connect-src 'self' cloudflareinsights.com; require-trusted-types-for 'script'

Based on the documentation, I have added ajax.cloudflare.com, but it looks like the rocket-loader is not loaded from the ajax.cloudflare.com domain. Firefox gives me this error:
Content-Security-Policy: The page’s settings blocked a script (script-src-elem) at https://<website>/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' 'strict-dynamic' 'nonce-ucmPnqpppC8CN4vHqOAoh+859cskzJ0gflqKZ//2OHI=' https://static.cloudflareinsights.com https://ajax.cloudflare.com”
Is there any way to fix it?
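
Why the browser reports this violation, as an added example that is not part of the original post and not Cloudflare's code: a simplified model of CSP Level 3 `script-src` matching for external scripts, in which `'strict-dynamic'` makes the browser ignore `'self'` and host entries. The function names and the `https://site.example` origin (standing in for `<website>`) are assumptions; host matching is exact-hostname only and hash sources are left out.

```javascript
// script-src value copied from the post above.
const SCRIPT_SRC = "'self' 'unsafe-inline' 'strict-dynamic' " +
  "'nonce-ucmPnqpppC8CN4vHqOAoh+859cskzJ0gflqKZ//2OHI=' " +
  "static.cloudflareinsights.com ajax.cloudflare.com";
const ORIGIN = "https://site.example"; // placeholder for <website>
const ROCKET = ORIGIN + "/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js";

// Split a script-src value into the parts that matter for external scripts.
function parseScriptSrc(value) {
  const tokens = value.trim().split(/\s+/);
  const has = kw => tokens.some(t => t.toLowerCase() === kw);
  return {
    strictDynamic: has("'strict-dynamic'"),
    self: has("'self'"),
    nonces: tokens.filter(t => /^'nonce-.+'$/i.test(t)).map(t => t.slice(7, -1)),
    hosts: tokens.filter(t => !t.startsWith("'")),
  };
}

// script: { url, nonce (attribute value or null), parserInserted (boolean) }
function checkExternalScript(policy, pageOrigin, script) {
  // A matching nonce always allows the element.
  if (script.nonce && policy.nonces.includes(script.nonce)) {
    return { allowed: true, reason: "nonce matches" };
  }
  if (policy.strictDynamic) {
    // Scripts created by an already trusted script (not by the HTML parser) inherit trust.
    if (!script.parserInserted) {
      return { allowed: true, reason: "inserted by a trusted script" };
    }
    // 'self' and host-source expressions are ignored from here on.
    return { allowed: false, reason: "'strict-dynamic' ignores 'self' and hosts; no nonce" };
  }
  // Without 'strict-dynamic', fall back to allowlist matching.
  const u = new URL(script.url);
  if (policy.self && u.origin === pageOrigin) return { allowed: true, reason: "'self'" };
  if (policy.hosts.includes(u.hostname)) return { allowed: true, reason: "host allowlist" };
  return { allowed: false, reason: "no source expression matches" };
}

const policy = parseScriptSrc(SCRIPT_SRC);
// A <script src> tag in the HTML without a nonce attribute: blocked despite 'self'.
console.log(checkExternalScript(policy, ORIGIN, { url: ROCKET, nonce: null, parserInserted: true }));
// The same tag carrying the policy's nonce: allowed.
console.log(checkExternalScript(policy, ORIGIN,
  { url: ROCKET, nonce: policy.nonces[0], parserInserted: true }));
```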