I can't plunge my head into the CSP violation report below (sent by Firefox 44.0.2 / Ubuntu). What is really blocking here and why? It should be noted that it does not matter if I write 'self' or (as it automatically converts in the report) https://www.example.com to the CSP header. In addition, I do not know anything that is missing on the displayed page. So what can I do against this? (Apparently, I should not add reports on my site if every page triggers a fake violation report)
{
  "csp-report": {
    "blocked-uri": "self",
    "document-uri": "https://www.example.com/foo/bar/baz.html",
    "original-policy": "report-uri https://reportserver.example.com/ContentSecurityPolicy-report.php; default-src https://www.example.com; style-src https://example.com https://www.example.com https://fonts.googleapis.com; script-src https://www.example.com https://code.jquery.com https://ajax.googleapis.com; font-src https://fonts.gstatic.com",
    "referrer": "https://www.example.com/foo/bar/wtf.html",
    "source-file": "https://www.example.com/foo/bar/baz.html",
    "violated-directive": "style-src https://example.com https://www.example.com https://fonts.googleapis.com"
  }
}