Error on request, how to solve?

  • 0
    Good evening, when getting a request for a specific page in the browser, an error is thrown
    Refused to connect to ' 'because it violates the following Content Security Policy directive: "default-src' self '". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

    How is it solved? I am sitting on the local host
    JavaScript Parker Turner, Oct 27, 2019

  • 2 Answers
  • 0
    Proxy the request through your server. At the root of your site, create a proxy.php file with the following content:


    header('Access-Control-Allow-Origin: *'); // Разрешаем запросы с любых доменов
    header('Content-Type: application/json; charset=utf-8'); // Указываем тип документа и кодировку

    // Скачиваем данные по ссылке:
    $json = file_get_contents('');
    echo $json; // Выводим данные

    Further, already in the browser, contact http: //localhost/proxy.php if you need to get JSON.
    Evan Clark

  • 0
    You send the HTTP header Content-Security-Policy: default-src 'self' or output the
    <meta http-equiv="Content-Security-Policy" content="default-src 'self'">
    meta tag in HTML code. "rel =" nofollow "> Content Security Policy ) allows the insertion of resources (images / scripts / styles / fonts / ajax requests / videos / audio) only from the site's own domain (localhost in your case). This is controlled by CSP.

    If you don't know what a CSP is, find and remove this title / meta tag. If you know and "you need it" - add the source https:// to the default-src directive:

    default-src 'self';

    And if done in a smart way, then your CSP should look like this:

    default-src 'self'; connect-src;

Your Answer
To place the code, please use CodePen or similar tool. Thanks you!