Failed parsing Content-Security-Policy because -2147024809 - policy will be ignored.

Confirmed Issue #12377248 • Assigned to Paul W.

Details

Author
Kyle S.
Created
Jun 17, 2017
Privacy
This issue is public.
Found in
  • Microsoft Edge
Found in build #
40.15063
Reports
Reported by 1 person

Sign in to watch or report this issue.

Steps to reproduce

The following CSP fails to be parsed by Edge. All other browsers accept it. Maybe it’s the new lines?

<meta http-equiv="Content-Security-Policy" content="
      default-src
        'self';
      script-src
        'self'
        https://www.google-analytics.com
        https://js.stripe.com
        https://maxcdn.bootstrapcdn.com
        https://ajax.googleapis.com;
      style-src
        'self'
        'unsafe-inline'
        https://maxcdn.bootstrapcdn.com
        https://fonts.googleapis.com;
      img-src
        'self'
        data:
        https://q.stripe.com
        https://haveibeenpwned.com
        https://chart.googleapis.com
        https://www.google-analytics.com;
      font-src
        'self'
        https://maxcdn.bootstrapcdn.com
        https://fonts.gstatic.com;
      child-src
        'self'
        https://js.stripe.com;
      frame-src
        'self'
        https://js.stripe.com;
      connect-src
        *;">

Console:

CSP14308: Failed parsing directive in <meta http-equiv="Content-Security-Policy"> at ''.

CSP14301: Failed parsing <meta http-equiv="Content-Security-Policy"> because -2147024809 - policy will be ignored.

Example website: https://vault.bitwarden.com

Attachments

0 attachments

    Comments and activity

    • Microsoft Edge Team

      Changed Assigned To to “James M.”

      Changed Assigned To to “Travis L.”

      Changed Assigned To to “Sermet I.”

      Changed Assigned To to “wwatri”

      Changed Status to “Confirmed”

      Changed Assigned To from “wwatri” to “Paul W.”

    You need to sign in to your Microsoft account to add a comment.

    Sign in