I was trying to implement a content security policy on a 1 page test version of my website with the following:
However, the debugger in Safari complains with the following error message (3 instances of same):
<img src="rw_common/themes/delta/images/body_bg.png" alt="" style="width: 3000px; height: 489px;" />
“Refused to apply a stylesheet because its hash, its nonce, or ‘unsafe-inline’ appears in neither the style-src directive nor the default-src directive of the Content Security Policy.”
There is a second error, associated with the email contact script, which is an in-line script:
“Refused to execute a script because its hash, its nonce, or ‘unsafe-inline’ appears in neither the script-src directive nor the default-src directive of the Content Security Policy.”
My question is: how do I include the rw_common folder and the in-line script into my content security policy?