+ Start a Discussion
prati@salesforceprati@salesforce 

Content Security policy violated in javascript button

Hi ,
I have a simple javascript button which is just supposed to set a chekbox to true and a pop up should appear. It is as follows:
{!REQUIRESCRIPT("/soap/ajax/29.0/connection.js")} 
{!REQUIRESCRIPT("/soap/ajax/18.0/apex.js")} 
var p = new sforce.SObject('Inventory_exception__c'); 
p.id = "{!Inventory_Exception__c.Id}"; 
p.Inventory_Count_Requested__c= "True"; 
result = sforce.connection.update([p]); 
location.reload(true); 
if(result[0].success == 'true'){ 
alert("An inventory count has been requested and an email will be sent to the RFD to coordinate with an independent observer to make the count."); 
}
It works fine but not always. Sometimes it doesn't work and when i opened console I see the error...'Refused to create a child context containing 'blob:https://example.com' because it violates the following Content Security Policy directive:...child-src was not explicitly set, so default-src is used as a fallback.
     How can I fix this? I tried some stack overflow solutions but nothing really seem to work.  Please help....
Thank you
NagendraNagendra (Salesforce Developers) 
Hi Prati,

This is due to ‘blob:’ being used in the code but not defined as an acceptable data source.

Check with the below information on the GitHub here

https://github.com/SpiderOak/crypton/pull/387/commits/a45ee144ad77d56e2764a05b872e8c1de5886a94

https://developer.mozilla.org/en-US/docs/Web/Security/CSP/CSP_policy_directives#Data

Please mark this post as solved if it's resolved.

Best Regards
Nagendra.P