My Html file looks like below. When I launch the HTML file it says, content security policy is broken. How do I fix it from the HTML side?
<html>
<head>
<title></title>
</head>
<script type="text/javascript" src="URLCode.js"></script>
<body onload='window.location.replace(URLalter(window.location.href));'>
</body>
</html>
Js code:
function URLalter(entryURL) {
var entryPoint= entryURL+" ";
return entryPoint;
}
How do I fix it from the HTML side?
Easy answer, you don't. The server is most definitely responsible for this and with good reason but let's say those reasons are simply security. You may bypass this by adjusting your headers but it will not be done on a client level side at all!
That's bad.
You can maybe get comfortable with these security features often applied and understand the different headers/measures taken: contentSecurityPolicy, dnsPrefetchControl, expectCt, frameguard, hidePoweredBy, hsts, ieNoOpen, noSniff, permittedCrossDomainPolicies, referrerPolicy, and xssFilter