Content Security Policy of your site blocks some resources #16759
Description
Before reporting an issue
- I have searched existing issues
- I have reproduced the issue with the latest release
Area
admin/ui
Describe the bug
When I click "Administration Console" icon in Keycloak main page https://my-keycloak.com.vn (public domain) I have got the error as follows:
Some resources are blocked because their origin is not listed in your site's Content Security Policy (CSP). Your site's CSP is allowlist-based, so resources must be listed in the allowlist in order to be accessed.
A site's Content Security Policy is set either as via an HTTP header (recommended), or via a meta HTML tag.
To fix this issue do one of the following:
(Recommended) If you're using an allowlist for 'script-src', consider switching from an allowlist CSP to a strict CSP, because strict CSPs are more robust against XSS . See how to set a strict CSP .
Or carefully check that all of the blocked resources are trustworthy; if they are, include their sources in the CSP of your site. ⚠️Never add a source you don't trust to your site's CSP. If you don't trust the source, consider hosting resources on your own site instead.
http://my-keycloak.com.vn bị chặn frame-src index.0cb2e516.js:90
Version
quay.io/keycloak/keycloak:latest
Expected behavior
I can move to login keycloak admin page with username and passord form
Actual behavior
The page has been loading forever with the above error
How to Reproduce?
- Set update public domain https://my-keycloak.com.vn for internal ip address 123.45.6.78
- Run Keycloak in tls mode at port 8443:8443 docker container
- Go to https://my-keycloak.com.vn and login to keycloak with credentials info
- Keycloak login page can not be loaded
Anything else?
http://my-keycloak.com.vn block frame-src index.0cb2e516.js:90