
Refused to load the script because it violates the following Content Security Policy directive

Open Lyfhael opened this issue 2 years ago • 3 comments

Hi,

I am trying to override a .js file from a website, but when I do, the file doesn't load and I get the following error message:

website.com/:1 Refused to load the script 'data:text/javascript;charset=UTF-8;base64,...'
because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' 
https://*.website.com https://website.com https://*.website1.com https://website.com https://cdn.website.net 
https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com 
https://www.google-analytics.com https://*.website2.com https://*.website2.net". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Is there a way to fix that?

Lyfhael avatar Sep 18 '21 22:09 Lyfhael
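Why the browser rejects the `data:` URL in the error above, shown as an added example that is not part of the original thread or of ResourceOverride's code: a simplified CSP source-list matcher with the `script-src-elem` → `script-src` → `default-src` fallback. The function names, the abridged policy and the sample payload are constructed, and host-source ports and paths are ignored.

```javascript
// Constructed sample: abridged script-src from the error message (hosts are the issue's placeholders).
const ISSUE_POLICY = "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.website.com " +
  "https://website.com https://cdn.website.net https://cdnjs.cloudflare.com https://www.google.com";
// Constructed stand-in for the injected data: URL (the payload decodes to console.log(1)).
const DATA_URL = 'data:text/javascript;charset=UTF-8;base64,Y29uc29sZS5sb2coMSk=';

// Parse a serialized policy into a Map of directive name -> source expressions.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1)); // first occurrence wins
  }
  return directives;
}

// Fallback chain for <script> elements; this is the "used as a fallback" note in the error.
function effectiveScriptDirective(directives) {
  return ['script-src-elem', 'script-src', 'default-src'].find(n => directives.has(n)) || null;
}

// Simplified match of one source expression against a parsed URL.
function sourceAllows(source, url, selfOrigin) {
  const src = source.toLowerCase();
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return url.protocol === src; // scheme-source, e.g. data:
  if (!['http:', 'https:'].includes(url.protocol)) return false; // hosts, * and 'self' never match data:
  if (src === '*') return true;
  if (src === "'self'") return url.origin === selfOrigin;
  if (src.startsWith("'")) return false; // 'unsafe-inline', 'unsafe-eval', nonces, hashes
  const m = src.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/);
  if (!m) return false;
  const [, scheme, host] = m;
  if (scheme && url.protocol !== scheme + ':') return false;
  // "*.example.com" covers subdomains only, which is why policies list the apex separately.
  return host.startsWith('*.') ? url.hostname.endsWith(host.slice(1)) : url.hostname === host;
}

// Decide whether a script URL may load under the policy, and which directive decided it.
function checkScript(policy, scriptUrl, selfOrigin) {
  const directives = parseCsp(policy);
  const directive = effectiveScriptDirective(directives);
  if (directive === null) return { allowed: true, directive: null };
  const url = new URL(scriptUrl);
  const allowed = directives.get(directive).some(s => sourceAllows(s, url, selfOrigin));
  return { allowed, directive };
}

console.log(checkScript(ISSUE_POLICY, DATA_URL, 'https://website.com'));
```

None of the host, `'self'` or `'unsafe-inline'` expressions can match a URL whose scheme is `data:`, so the override is blocked even though the policy looks permissive.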

Same issue

immrakpk avatar Nov 07 '21 00:11 immrakpk

Could maybe try using a header rule to delete the "Content-Security-Policy" header. Not sure if that will work.

kylepaulsen avatar Nov 07 '21 05:11 kylepaulsen

I ended up putting nginx in front of nuxt and using the nginx header in the location area as follows (and it works):

add_header Content-Security-Policy "default-src *.mywebsite.com *.gstatic.com *.googleapis.com *.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com; font-src 'self' data: blob: *.gstatic.com *.googleapis.com *.google-analytics.com *.cloudflare.com *.fontawesome.com; img-src 'self' data: blob: *.mywebsite.com *.gstatic.com *.googleapis.com; media-src 'self' data: blob: *.mywebsite.com *.gstatic.com *.googleapis.com; object-src 'self'; connect-src 'self' *.mywebsite.com;";

immrakpk avatar Nov 09 '21 20:11 immrakpk