Today, I noticed that JavaScript is disabled on my site, hosted on framagit pages, via setting Content-Security-Policy: script-src 'none'; header.
Is there any recent changes in Content-Security-Policy for websites hosted in framagit pages? Or I do something bad? How I can enable js again?
Hi @hkalbasi,
We just checked with a gitlab page we host on framagit and it is working just fine.
What is you site url ? If you don’t want to post it on a public forum, you can use contact.framasoft.org.
1 « J'aime »
Hi!
It is https://pdcommunity.ir , and you are correct, our https://alternative.pdcommunity.ir that also hosted on framagit, works perfect with js.
But I don’t understand the reason. I revert my recent changes with git but still there is the CSP header.
Did you try to use another browser or to disable your browser extensions ?
Oh, how stupid I am. I turned off JavaScript for testing. But later, when I saw that this header was being sent, I did not think that it might be from the extension.
I’m really sorry I took your time. You can delete this thread.
1 « J'aime »
It’s okay, don’t worry! Glad that you were able to solve your issue 