Sketchup is not listed in the extra services area. So I am unable to take these steps. Did Sketchup do an update related to: Content Security Policy? It seems GoGuardian is blocking some style attributes (I think). Do you have a white list of everything that needs to be open for your app to work? Again, something changed a couple of weeks ago, but I don’t know if it was on your side or GoGuardian’s side.
- The Content Security Policy (CSP) prevents cross-site scripting attacks by blocking inline execution of scripts and style sheets.
To solve this, move all inline scripts (e.g. onclick=[JS code]) and styles into external files.
Allowing inline execution comes at the risk of script injection via injection of HTML script elements. If you absolutely must, you can allow inline script and styles by:
- adding
unsafe-inlineas a source to the CSP header - adding the hash or nonce of the inline script to your CSP header.
Affected Resources
40 directives
The 40 Directives are just saying:
style-src-attr blocked.goguardian.com/:235
style-src-attr blocked.goguardian.com/:236
etc.