Issue 687454 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Feb 2017
EstimatedDays:	----
NextAction:	----
OS:	Windows
Pri:	2
Type:	Bug-Security
Arch-x86_64 Via-Wizard-Security

Security Policy directive: "script-src 'unsafe-inline' 'strict-dynamic

Reported by calderon...@gmail.com, Feb 1 2017

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.76 Safari/537.36

Steps to reproduce the problem:
1. https://gc.kis.scr.kaspersky-labs.com/934C18A4-0ED7-7746-AC63-7FCB36F71775/main.js
2. https://www.gstatic.com/recaptcha/api2/
3. https://gc.kis.scr.kaspersky-labs.com/
4. wss://gc.kis.scr.kaspersky-labs.com/

What is the expected behavior?
This might be a security issue

What went wrong?
I got error message on the console box

Did this work before? N/A 

Chrome version: 56.0.2924.76  Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 24.0 r0

Comment 1 by elawrence@chromium.org, Feb 2 2017

Labels: -Restrict-View-SecurityTeam
Status: WontFix (was: Unconfirmed)

Notices related to Content-Security-Policy in the console allow developers to diagnose incorrect use of the Content-Security-Policy directive. 

These notices do not indicate or represent security vulnerabilities in Chrome.

►

Issue 687454 link

Issue metadata

Security Policy directive: "script-src 'unsafe-inline' 'strict-dynamic

Issue description

Comment 1 by elawrence@chromium.org, Feb 2 2017

Comment 1 Deleted

Sign in to add a comment