Framagit pages: CSP disables JS

Today, I noticed that JavaScript is disabled on my site, hosted on framagit pages, via setting Content-Security-Policy: script-src 'none'; header.
Is there any recent changes in Content-Security-Policy for websites hosted in framagit pages? Or I do something bad? How I can enable js again?

Hi @hkalbasi,

We just checked with a gitlab page we host on framagit and it is working just fine.

What is you site url ? If you don’t want to post it on a public forum, you can use

1 Like


It is , and you are correct, our that also hosted on framagit, works perfect with js.
But I don’t understand the reason. I revert my recent changes with git but still there is the CSP header.

Did you try to use another browser or to disable your browser extensions ?

Oh, how stupid I am. I turned off JavaScript for testing. But later, when I saw that this header was being sent, I did not think that it might be from the extension.

I’m really sorry I took your time. You can delete this thread.

1 Like

It’s okay, don’t worry! Glad that you were able to solve your issue :wink: