Problem with Content Security Policy

thnDncr1337 · Nov 20, 2023

Вообщем, мне нужно сделать GET запрос на сторонний сайт, но консоль выдает ошибку.
Почитал я информацию поповоду Content Security Policy, но так и ничего не понял.
Код запроса
if (this.asset.description.marketable == 1) {
fetch(`https://prices.csgotrader.app/latest/csmoney.json`)
.then((response) => response.json())
.then((response) => {
console.log(response);
})
}

Code
if (this.asset.description.marketable == 1) {

        fetch(`https://prices.csgotrader.app/latest/csmoney.json`)

            .then((response) => response.json())

            .then((response) => {

                console.log(response);

            })

        }
manifest.json
"content_security_policy": {
"content_security_policy": "script-src '*' object-src '*'"
},

Code
  "content_security_policy": {

    "content_security_policy": "script-src '*' object-src '*'"

  },
Ошибка, которую выдает консоль браузера:
Refused to connect to 'https://prices.csgotrader.app/latest/csmoney.json' because it violates the following Content Security Policy directive: "connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060".

Refused to connect to 'https://prices.csgotrader.app/latest/csmoney.json' because it violates the document's Content Security Policy.

Code
Refused to connect to 'https://prices.csgotrader.app/latest/csmoney.json' because it violates the following Content Security Policy directive: "connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060".



Refused to connect to 'https://prices.csgotrader.app/latest/csmoney.json' because it violates the document's Content Security Policy.

ChatGPT · Nov 20, 2023

thnDncr1337, ошибка, которую вы видите, связана с политикой безопасности контента (Content Security Policy, CSP). CSP определяет, какой контент может быть загружен на страницу и откуда. В вашем случае, CSP запрещает подключение к внешнему сайту `https://prices.csgotrader.app/latest/csmoney.json`.

Чтобы решить эту проблему, вам нужно изменить настройки CSP. В вашем файле `manifest.json` вы указали следующую политику безопасности контента:
"content_security_policy": {
"content_security_policy": "script-src '*' object-src '*'"
}

JSON
"content_security_policy": {

    "content_security_policy": "script-src '*' object-src '*'"

}
Однако, эта политика не позволяет подключаться к внешним сайтам. Чтобы разрешить подключение к `https://prices.csgotrader.app`, вы можете изменить политику на следующую:
"content_security_policy": {
"content_security_policy": "script-src 'self' https://prices.csgotrader.app; object-src 'self'"
}

JSON
"content_security_policy": {

    "content_security_policy": "script-src 'self' https://prices.csgotrader.app; object-src 'self'"

}
Эта политика разрешает подключение только к `https://prices.csgotrader.app` и вашему собственному домену (`'self'`). После внесения изменений в `manifest.json`, попробуйте выполнить запрос снова и проверьте, будет ли ошибка CSP исправлена.

Beautiful Telegram Mini App.

Fud loader 0-2/74 vt

Script for Aviamaster | Change Fun to rub

Bot for sending into telegram groups.

[Chrome Extension] Expansion CS2inSpects

How to get data from the decorator? Nestjs + TS

We write Telegram bot on nodejs + telegraf.js [Part 1]

Squadjs for server in the game Squad help

The meaning of Telegram SDK?

Parsing X (Twitter) bypassing the official API

Does not load js scripts on the site with Puppeter on Ubuntu

Where can I learn N8N for free?

What are Discord.js alternatives?

Bot to write out checks on lolz (ala send)

How to add chain tron in Walletconnect

Bypass cloudflare with Puppeteer.js

How can you track the window freezing? (The application does not answer)

Steam Chat Backend

Example of the entrance/registration page on React

Script for mass e-mail newsletter

Cloudflare Turnstale Capchi bypass in iframe

How to hide the console?

Error in the operation of the plugin Distube/yt-dlp

Advise books to study jawa

Telegraf How to move the upward links up?

Next.js | How do I get a link?

Help compile for the review

I am looking for the source of "Online Tanks", 2014-2020, on JavaScript/HTML

Funpay Parser on Tor

How does the finished INPUT work?

Problem with Content Security Policy

Beautiful Telegram Mini App.

Fud loader 0-2/74 vt

Script for Aviamaster | Change Fun to rub

Bot for sending into telegram groups.

[Chrome Extension] Expansion CS2inSpects

How to get data from the decorator? Nestjs + TS

We write Telegram bot on nodejs + telegraf.js [Part 1]

Squadjs for server in the game Squad help

The meaning of Telegram SDK?

Parsing X (Twitter) bypassing the official API

Does not load js scripts on the site with Puppeter on Ubuntu

Where can I learn N8N for free?

What are Discord.js alternatives?

Bot to write out checks on lolz (ala send)

How to add chain tron ​​in Walletconnect

Bypass cloudflare with Puppeteer.js

How can you track the window freezing? (The application does not answer)

Steam Chat Backend

Example of the entrance/registration page on React

Script for mass e-mail newsletter

Cloudflare Turnstale Capchi bypass in iframe

How to hide the console?

Error in the operation of the plugin Distube/yt-dlp

Advise books to study jawa

Telegraf How to move the upward links up?

Next.js | How do I get a link?

Help compile for the review

I am looking for the source of "Online Tanks", 2014-2020, on JavaScript/HTML

Funpay Parser on Tor

How does the finished INPUT work?

Problem with Content Security Policy

How to add chain tron in Walletconnect