The Content Security Policy 'block-all-mixed-content' was delivered via a <meta> element outside the document's <head>, which is disallowed. The policy has been ignored.

Question

The Content Security Policy 'block-all-mixed-content' was delivered via a <meta> element outside the document's <head>, which is disallowed. The policy has been ignored.

Closed this issue 3 years ago · 3 comments

https://github.com/limetech/webgui/blob/3ea1bef8753d69f393b17630acab1e4bf3127bb1/plugins/dynamix/CacheDevices.page#L122

This shouldn't be needed as it's already included by the parent page. I'm seeing this in Chrome.

The Content Security Policy 'block-all-mixed-content' was delivered via a element outside the document's , which is disallowed. The policy has been ignored.

Answer 1 · 2021-07-21T17:35:29.000Z

It seems odd that this div:
<div id="templatePopupPool" style="display:none">
has <html><head><body> tags as children.

They were added in this commit for Multi-language support:
5115921

Answer 2 · 2021-07-21T17:54:26.000Z

Doesn't look relevant anymore.

I don't see any "stray" occurrences of this element in the current version

Answer 3 · 2021-07-21T17:57:47.000Z

Oh you're right, I wasn't looking at the master branch. This can be closed.