Web Player won't load Genres & Moods due to CSP violation

Reply

Web Player won't load Genres & Moods due to CSP violation

cintezam
Newbie

I'm using the Spotify webplayer on Fedora, Chrome version 58.

 

When I try to browse the 'Genres & Moods' Section, only the first 20 load. When I scroll down to load more, the spinner shows up and then nothing happens.

 

Digging around with the Chrome Developer Tools, I noticed this friendly little chap:

'Refused to load the script 'data:application/javascript;base64,KGZ1bmN0aW9uKCkgewoJLy8gaHR0cHM6Ly9kZXZl…07Cgl9OwoJZ2EucmVtb3ZlID0gbm9vcGZuOwoJd2luZG93W2dhTmFtZV0gPSBnYTsKfSkoKTs=' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' open.scdn.co www.google-analytics.com cdn.ravenjs.com vt.myvisualiq.net".'

 

My paranoia has, so far, stopped me from fiddling with the Content Security Policy [CSP] settings to get it working again, but I can't help feeling that making my browser less secure is not the correct way of getting 'Genres & Moods' to work.

1 Reply
Highlighted

Re: Web Player won't load Genres & Moods due to CSP violation

washtubs
Newbie

I'm getting the same console error on Linux, using Google Chrome Version 60.0.3112.113 (Official Build) (64-bit).

 

For me it prevents music from playing at all.

 

Refused to load the script 'data:application/javascript;base64,KGZ1bmN0aW9uKCkgewoJLy8gaHR0cHM6Ly9kZXZlbG9wZXJzLmdvb2dsZS5jb20vYW5hbHl0aWNzL2Rldmd1aWRlcy9jb2xsZWN0aW9uL2FuYWx5dGljc2pzLwoJdmFyIG5vb3BmbiA9IGZ1bmN0aW9uKCkgewoJCTsKCX07Cgl2YXIgbm9vcG51bGxmbiA9IGZ1bmN0aW9uKCkgewoJCXJldHVybiBudWxsOwoJfTsKCS8vCgl2YXIgVHJhY2tlciA9IGZ1bmN0aW9uKCkgewoJCTsKCX07Cgl2YXIgcCA9IFRyYWNrZXIucHJvdG90eXBlOwoJcC5nZXQgPSBub29wZm47CglwLnNldCA9IG5vb3BmbjsKCXAuc2VuZCA9IG5vb3BmbjsKCS8vCgl2YXIgZ2FOYW1lID0gd2luZG93Lkdvb2dsZUFuYWx5dGljc09iamVjdCB8fCAnZ2EnOwoJdmFy...4gPT09IDAgKSB7CgkJCXJldHVybjsKCQl9CgkJdmFyIGYgPSBhcmd1bWVudHNbbGVuLTFdOwoJCWlmICggdHlwZW9mIGYgIT09ICdvYmplY3QnIHx8IGYgPT09IG51bGwgfHwgdHlwZW9mIGYuaGl0Q2FsbGJhY2sgIT09ICdmdW5jdGlvbicgKSB7CgkJCXJldHVybjsKCQl9CgkJdHJ5IHsKCQkJZi5oaXRDYWxsYmFjaygpOwoJCX0gY2F0Y2ggKGV4KSB7CgkJfQoJfTsKCWdhLmNyZWF0ZSA9IGZ1bmN0aW9uKCkgewoJCXJldHVybiBuZXcgVHJhY2tlcigpOwoJfTsKCWdhLmdldEJ5TmFtZSA9IG5vb3BudWxsZm47CglnYS5nZXRBbGwgPSBmdW5jdGlvbigpIHsKCQlyZXR1cm4gW107Cgl9OwoJZ2EucmVtb3ZlID0gbm9vcGZuOwoJd2luZG93W2dhTmFtZV0gPSBnYTsKfSkoKTs=' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' open.scdn.co www.google-analytics.com cdn.ravenjs.com vt.myvisualiq.net".

SUGGESTED POSTS