Error on request, how to solve?

  • 0
    Good evening, when getting a request for a specific page in the browser, an error is thrown
    Refused to connect to ' https://www.supremenewyork.com/mobile_stock.json 'because it violates the following Content Security Policy directive: "default-src' self '". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

    How is it solved? I am sitting on the local host
    JavaScript Parker Turner, Oct 27, 2019

  • 2 Answers
  • 0
    Proxy the request through your server. At the root of your site, create a proxy.php file with the following content:

    <?php

    header('Access-Control-Allow-Origin: *'); // Разрешаем запросы с любых доменов
    header('Content-Type: application/json; charset=utf-8'); // Указываем тип документа и кодировку

    // Скачиваем данные по ссылке:
    $json = file_get_contents('https://www.supremenewyork.com/mobile_stock.json');
    echo $json; // Выводим данные


    Further, already in the browser, contact http: //localhost/proxy.php if you need to get JSON.
    Evan Clark

  • 0
    You send the HTTP header Content-Security-Policy: default-src 'self' or output the
    <meta http-equiv="Content-Security-Policy" content="default-src 'self'">
    meta tag in HTML code. developer.mozilla.org/ru/docs/Web/HTTP/CSP "rel =" nofollow "> Content Security Policy ) allows the insertion of resources (images / scripts / styles / fonts / ajax requests / videos / audio) only from the site's own domain (localhost in your case). This is controlled by CSP.



    If you don't know what a CSP is, find and remove this title / meta tag. If you know and "you need it" - add the source https:// www.supremenewyork.com to the default-src directive:

    default-src 'self' https://www.supremenewyork.com;



    And if done in a smart way, then your CSP should look like this:

    default-src 'self'; connect-src https://www.supremenewyork.com;
    Anonymous

Your Answer
To place the code, please use CodePen or similar tool. Thanks you!