Content Security Policy
Hi,
I have a website to which I want to pull some data using the Betty Blocks API. I'm using a javascript/AJAX call for it.
However, I get a cross origin (CORS) error. If I disable the Cross-Origing Resource Sharing Protection under app settings>web options, all works fine.
To allow access from my website, It seems I have to add a header under Content Security Policy. I've tried putting a header like this in it (with google replaced with my website URL).
Content-Security-Policy: script-src 'self' https://apis.google.com
I can't get it to work. I've tried it with and without the prefix 'Content-Security-Policy:'. No success.
What am I doing wring here?
Hi,
I have a website to which I want to pull some data using the Betty Blocks API. I'm using a javascript/AJAX call for it.
However, I get a cross origin (CORS) error. If I disable the Cross-Origing Resource Sharing Protection under app settings>web options, all works fine.
To allow access from my website, It seems I have to add a header under Content Security Policy. I've tried putting a header like this in it (with google replaced with my website URL).
Content-Security-Policy: script-src 'self' https://apis.google.com
I can't get it to work. I've tried it with and without the prefix 'Content-Security-Policy:'. No success.
What am I doing wring here?
Login to reply