Ask coding questions

← Back to all posts
Content Security Policy?
programmeruser (597)

So just today I was making something in HTML/CSS/JS, and I saw this in the console:

Is this a problem with's server?

Answered by xxpertHacker (930) [earned 5 cycles]
View Answer
xxpertHacker (930)

a) I just noticed that your pfp is ++i, I do the same thing.

Now, to answer your question, yes!

Report that right away at /bugs. I never checked's HTTP headers at all, especially not for script-src.

script-src allows a server to create a whitelist of what scripts and origins that a script may be executed from and requested from in a document served from the server.

Example: a server sends an HTML document, the document has an inline script, if the CSP only whitelists HTTPS served URLs, then it won't load.

In your case, it's denying everything, that is very bad.

It can also be set in a meta tag, but you didn't do that here, so it has to be Replit's server.

xxpertHacker (930)

Did you actually report it to /bugs or no?

programmeruser (597)

@xxpertHacker now I don't feel like working on it because 6 months later I can barely understand what I wrote...

egranty (0)

It's not a issue, server does not send any Content Security Policy, because you able to embed into page any trird-party JS libs/widgets - jQuery, MooTools, Dojo Widgets, reCaptcha, etc... have no chances to open all these in CSP, therefore it does not use it at all.
It could be 2 opts:

But blocked script: is definitely your script (it's marked by your nicname programmeruser), therefore the lock occurs in's iframe where it shows results of code run.


It's not a code problem. It runs and works perfectly fine. I think it's a server issue, maybe try reloading? Restarting?

programmeruser (597)

@DynamicSquid no, the server has to set it I think

DynamicSquid (4932)

@programmeruser What if you added the HTML boilerplate? I think that would work

programmeruser (597)

@DynamicSquid it never finishes loading, so I don't know if it worked (I don't think it did)

realTronsi (926)

@programmeruser when theres an error always assume it is your own fault and beg on stackoverflow for a old guy to solve your problem and he'll explain it using matrix theory and linear algebra

DynamicSquid (4932)

@realTronsi Better if the person on SO has lots of reputation too. More rep = trustworthy answer

realTronsi (926)

@DynamicSquid yes for sure, SO reputation isn't like repl cycles or reddit karma where if you spam the forums you can basically farm points