+ Start a Discussion
rich rinesrich rines 

Unrecognized Content-Security-Policy directive 'referrer'.

I'm seeing this when running my canvas app on a custom tab (via a visual force page) installed managed package. I've had no issues running it the same way on the same enviroment without it being a managed package as I was developing. Any idea?
Errors in the logs
 
tlfutlfu
I've been seeing this error message in the Chrome Developer Tools console, since the Spring '17 release. I am seeing this in ALL of my Developer Edition orgs, and not just on custom Visualforce pages. It happens on EVERY page load (Contact, Accounts, etc.). I opened a case with support for this. I was told they were investigating and expected to release a hot fix for this very soon (last week in fact). However, as of 2/28, it is still happening. In Microsoft Edge, this is reported as a warning. I don't see this message in FireFox. AFAICT, it doesn't seem to affect page loads.
tlfutlfu
FYI, others are reporting this as well: https://community.skuid.com/skuid/topics/unrecognized-content-security-policy-directive-referrer. This thread seems to indicate is has to do with Visualforce page access settings, but that is definitely not the case in my environment. I am seeing this on standard pages.
vleandrovleandro
Do you by chance have a Known Issue link that support may have shared with you that we can vote on?
 
tlfutlfu
I do not have a KI link. I specifically asked for one, but I was told that a fix was imminent, and therefore no KI would be created. The case has since been marked as closed by support. I commented on it to see if I could get it re-opened, but there has been no further response. BTW, since yesterday (I think) the message appearing in Chrome's dev console has changed. It now says: Unrecognized Content-Security-Policy directive 'reflected-xss'. Prior to yesterday, I was getting messages that complained about 'referrer'.
Jairama BangaloreJairama Bangalore
This is happening due to session xss security settings, uncheck the XSS protection in Salesforce Session settings.
Kimberly OglesKimberly Ogles
We are experiencing the same issue and have updated the security settings. Does anyone know of another resolution???
SBgooSBgoo
We have the same issue with some VF page. Is there any update or reference here? Thanks