Content-Security-Policy: script-src 'none'; header.
Is there any recent changes in Content-Security-Policy for websites hosted in framagit pages? Or I do something bad? How I can enable js again?
We just checked with a gitlab page we host on framagit and it is working just fine.
What is you site url ? If you don’t want to post it on a public forum, you can use contact.framasoft.org.
It is https://pdcommunity.ir , and you are correct, our https://alternative.pdcommunity.ir that also hosted on framagit, works perfect with js.
But I don’t understand the reason. I revert my recent changes with git but still there is the CSP header.
Did you try to use another browser or to disable your browser extensions ?
I’m really sorry I took your time. You can delete this thread.
It’s okay, don’t worry! Glad that you were able to solve your issue