New ask Hacker News story: Ask HN: Claude web blocked its assets visit via csp?
Ask HN: Claude web blocked its assets visit via csp?
5 by xgstation | 2 comments on Hacker News.
returned CSP header as following while all assets access to `https://assets-proxy.anthropic.com` is blocked script-src 'strict-dynamic' https: 'nonce-0f2f/yV7CL8nKlXr/lFMPA==' https://via.intercom.io https://api.intercom.io https://ift.tt/P7D2Iiw https://ift.tt/JoQ6Vdf https://ift.tt/pG9K5yf https://ift.tt/yfQcEwk https://ift.tt/WcVSItz https://ift.tt/HxrPa3n https://ift.tt/ehkQCfj wss://nexus-websocket-a.intercom.io https://ift.tt/hdDTWR6 wss://nexus-websocket-b.intercom.io https://ift.tt/v9kdFWO wss://nexus-europe-websocket.intercom.io https://ift.tt/8VAfrds wss://nexus-australia-websocket.intercom.io https://ift.tt/GEuAJKx https://ift.tt/1Ynqatx https://ift.tt/HaVIL2m https://ift.tt/YsuGZg2 https://ift.tt/hwxpUDV https://ift.tt/T3OQ1xo https://ift.tt/3pNPKg6 'wasm-unsafe-eval'; object-src 'none'; base-uri 'none'; frame-ancestors 'self'; block-all-mixed-content; img-src 'self' data: blob: *.anthropic.com *.claude.ai *.claude.com *.ant.dev *.gstatic.com * https://ift.tt/fB6wcaV https://ift.tt/gyMrHlT https://ift.tt/TnL5Xzp https://ift.tt/x45qnQG https://ift.tt/ZgqE0XI https://ift.tt/hwxpUDV https://ift.tt/nJZDl7M https://ift.tt/6AWfg5U https://ift.tt/UHrOmnA https://ift.tt/TDVGEmc https://ift.tt/hi69zf7 https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://ift.tt/CSnzZ39 https://ift.tt/aouSgQE; frame-src a-cdn.claude.ai a.claude.ai a.claude-ai.staging.ant.dev b.stripecdn.com embedded-dashboards.metronome.com forms.hsforms.com googletagmanager.com js.stripe.com m.stripe.network newassets.hcaptcha.com pay.google.com r.stripe.com www.google.com accounts.google.com https://ift.tt/mWkwhSp https://ift.tt/LirA1qy https://ift.tt/R2CtPUa https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://ift.tt/WDYCAMH https://ift.tt/km48ylA *.claudemcpcontent.com https://claude.ai; font-src 'self' assets.claude.ai https://ift.tt/fB6wcaV https://ift.tt/uqAVJTF; form-action 'self' https://ift.tt/JEoPXdQ https://intercom.help https://ift.tt/pG9K5yf https://ift.tt/yfQcEwk https://ift.tt/WcVSItz; media-src 'self' cdn.sanity.io https://ift.tt/1IVQaX0 https://ift.tt/fB6wcaV https://ift.tt/TnL5Xzp https://ift.tt/x45qnQG https://ift.tt/ZgqE0XI; upgrade-insecure-requests
5 by xgstation | 2 comments on Hacker News.
returned CSP header as following while all assets access to `https://assets-proxy.anthropic.com` is blocked script-src 'strict-dynamic' https: 'nonce-0f2f/yV7CL8nKlXr/lFMPA==' https://via.intercom.io https://api.intercom.io https://ift.tt/P7D2Iiw https://ift.tt/JoQ6Vdf https://ift.tt/pG9K5yf https://ift.tt/yfQcEwk https://ift.tt/WcVSItz https://ift.tt/HxrPa3n https://ift.tt/ehkQCfj wss://nexus-websocket-a.intercom.io https://ift.tt/hdDTWR6 wss://nexus-websocket-b.intercom.io https://ift.tt/v9kdFWO wss://nexus-europe-websocket.intercom.io https://ift.tt/8VAfrds wss://nexus-australia-websocket.intercom.io https://ift.tt/GEuAJKx https://ift.tt/1Ynqatx https://ift.tt/HaVIL2m https://ift.tt/YsuGZg2 https://ift.tt/hwxpUDV https://ift.tt/T3OQ1xo https://ift.tt/3pNPKg6 'wasm-unsafe-eval'; object-src 'none'; base-uri 'none'; frame-ancestors 'self'; block-all-mixed-content; img-src 'self' data: blob: *.anthropic.com *.claude.ai *.claude.com *.ant.dev *.gstatic.com * https://ift.tt/fB6wcaV https://ift.tt/gyMrHlT https://ift.tt/TnL5Xzp https://ift.tt/x45qnQG https://ift.tt/ZgqE0XI https://ift.tt/hwxpUDV https://ift.tt/nJZDl7M https://ift.tt/6AWfg5U https://ift.tt/UHrOmnA https://ift.tt/TDVGEmc https://ift.tt/hi69zf7 https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://ift.tt/CSnzZ39 https://ift.tt/aouSgQE; frame-src a-cdn.claude.ai a.claude.ai a.claude-ai.staging.ant.dev b.stripecdn.com embedded-dashboards.metronome.com forms.hsforms.com googletagmanager.com js.stripe.com m.stripe.network newassets.hcaptcha.com pay.google.com r.stripe.com www.google.com accounts.google.com https://ift.tt/mWkwhSp https://ift.tt/LirA1qy https://ift.tt/R2CtPUa https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://ift.tt/WDYCAMH https://ift.tt/km48ylA *.claudemcpcontent.com https://claude.ai; font-src 'self' assets.claude.ai https://ift.tt/fB6wcaV https://ift.tt/uqAVJTF; form-action 'self' https://ift.tt/JEoPXdQ https://intercom.help https://ift.tt/pG9K5yf https://ift.tt/yfQcEwk https://ift.tt/WcVSItz; media-src 'self' cdn.sanity.io https://ift.tt/1IVQaX0 https://ift.tt/fB6wcaV https://ift.tt/TnL5Xzp https://ift.tt/x45qnQG https://ift.tt/ZgqE0XI; upgrade-insecure-requests
Comments
Post a Comment