Refused To Execute Inline Script Following Content Security Policy Directive Violation

system · January 3, 2023, 9:08am

Issue Description

On accessing the Orchestrator, it does not load properly and throws below error in browser developer console:

“Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-orD0/VhH8hLqrLxKHD/HUEMdwqX6/0ve7c5hspX5VJ8='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback”

Root Cause

Generally, such errors occur when there is a custom rule in the HTTP response Header "Content Security Policy " having the value "default-src 'self'".

Resolution

Go to IIS Select and select the Orchestrator under Sites
Go to “HTTP Response Headers.”
Check if there is any Content security policy for custom HTTP response header rule. If found, remove the Content security policy custom rule

Topic		Replies	Views
Orchestrator API access - CORS policy Help	16	6302	April 1, 2019
Azure App server orchestrator swagger authenticate Knowledge Base orchestrator , 2022_10_2	0	13	January 3, 2025
CSP error when uploading to storage bucket AWS/Azure (Automation Suite) Knowledge Base orchestrator	0	12	January 3, 2025
Addressing Concerns Regarding HTTP Security Headers Knowledge Base orchestrator	0	527	August 8, 2023
Orchestrator generic http error after trying to modify IIS Website Authorization rules Help	0	2660	October 5, 2017

Refused To Execute Inline Script Following Content Security Policy Directive Violation

Issue Description

Root Cause

Resolution

Related topics