I’m on a mac, using chrome. I’m trying to add a blog (hugomelo.com) to the alpha network. I’ve got it running successfully at http://blog.hugomelo.safenet/, but I noticed some css things are off. Looking at the console, I see this message repeated (with different hash values):
Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self' *.safenet". Either the 'unsafe-inline' keyword, a hash ('sha256-CrhESueoADUi4Z9HKAP/GOA32i8HuKNpSwufo8nqD84='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
After some googling, I added the following csp:
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline';">
but I’m getting the same error messages, probably doing something wrong.
Why does visiting the same html content hosted on github pages show no errors?
Is there a good default content security policy for static sites on the safe network?
Should I turn of the CSP feature on my browser testing safenet sites?
Thanks for the alpha release