Error on request, how to solve?

• 0
  Good evening, when getting a request for a specific page in the browser, an error is thrown
  

  Refused to connect to ' https://www.supremenewyork.com/mobile_stock.json 'because it violates the following Content Security Policy directive: "default-src' self '". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

  
  How is it solved? I am sitting on the local host

  JavaScript Parker Turner, Oct 27, 2019

---

2 Answers
• 0
  Proxy the request through your server. At the root of your site, create a proxy.php file with the following content:
  
  

  <?php
  
  
  
  header('Access-Control-Allow-Origin: *'); // Разрешаем запросы с любых доменов
  
  header('Content-Type: application/json; charset=utf-8'); // Указываем тип документа и кодировку
  
  
  
  // Скачиваем данные по ссылке:
  
  $json = file_get_contents('https://www.supremenewyork.com/mobile_stock.json');
  
  echo $json; // Выводим данные

  
  
  Further, already in the browser, contact http: //localhost/proxy.php if you need to get JSON.

  Evan Clark

---

• 0
  You send the HTTP header Content-Security-Policy: default-src 'self' or output the

  <meta http-equiv="Content-Security-Policy" content="default-src 'self'">

  meta tag in HTML code. developer.mozilla.org/ru/docs/Web/HTTP/CSP "rel =" nofollow "> Content Security Policy ) allows the insertion of resources (images / scripts / styles / fonts / ajax requests / videos / audio) only from the site's own domain (localhost in your case). This is controlled by CSP.
  
  
  
  If you don't know what a CSP is, find and remove this title / meta tag. If you know and "you need it" - add the source https:// www.supremenewyork.com to the default-src directive:
  
  default-src 'self' https://www.supremenewyork.com;
  
  
  
  And if done in a smart way, then your CSP should look like this:
  
  

  default-src 'self'; connect-src https://www.supremenewyork.com;

  Anonymous

---