Aug 26, 2025
5
Level 1
Laravel Xampp and secure headers
Hello,
I use Laravel 12 and Xampp in my local machine. I have configure it to work in SSL and I use this module for secure headers : https://github.com/bepsvpt/secure-headers
The problem is that all is ok in production on our server hosting, but in local I have error of stylesheet not loeaded and problem with the debugbar. I use livewire too.
Local errors :
Refused to load the stylesheet 'https://extranet.local/_debugbar/assets/stylesheets?v=1753192890' because it violates the following Content Security Policy directive: "style-src 'nonce-M2FhZDRiNGRlYTk5NmYxMg==' 'nonce-ZjQ5MWQzOTQyYjQwOTkxYg==' 'nonce-MjEzZTNjOTBiZGQwMDYzZA==' 'nonce-MzAzZGY1MmQ5OGZkOGQwMQ==' 'nonce-M2JjMjFiOWRlNmUwZWQ5Yw==' fonts.googleapis.com". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
Comprendre cette erreur
login:1 Refused to load the script 'https://extranet.local/_debugbar/assets/javascript?v=1753192890' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'nonce-NTFiOGIyNjFlODljNWJlMA==' 'nonce-YzI3YjFhOWQ5YzZhYWRiZg==' 'nonce-NzE4OTBmMjE2NTYwMDk5OQ==' 'nonce-Nzc1ODNjZjlmOTI1NWEwOA==' 'nonce-NjA5ODU1ZGFkNTRmY2FiZA==' 'nonce-NzA1YmE4NjAwOWE2M2VjNA==' 'nonce-ZmYyYTQwZTQzOGNmZDk2OA==' 'nonce-NzA5NTA1NzE1M2IyYTY2ZA==' 'nonce-MTI0OTViN2NhZGNiZDkxMA=='". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
Comprendre cette erreur
login:38 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'nonce-NTFiOGIyNjFlODljNWJlMA==' 'nonce-YzI3YjFhOWQ5YzZhYWRiZg==' 'nonce-NzE4OTBmMjE2NTYwMDk5OQ==' 'nonce-Nzc1ODNjZjlmOTI1NWEwOA==' 'nonce-NjA5ODU1ZGFkNTRmY2FiZA==' 'nonce-NzA1YmE4NjAwOWE2M2VjNA==' 'nonce-ZmYyYTQwZTQzOGNmZDk2OA==' 'nonce-NzA5NTA1NzE1M2IyYTY2ZA==' 'nonce-MTI0OTViN2NhZGNiZDkxMA=='". Either the 'unsafe-inline' keyword, a hash ('sha256-FhudaH+D1DhcOfC3dGgEcvkNWiujsnNBXvpOnYT+asw='), or a nonce ('nonce-...') is required to enable inline execution.
Comprendre cette erreur
login:39 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'nonce-NTFiOGIyNjFlODljNWJlMA==' 'nonce-YzI3YjFhOWQ5YzZhYWRiZg==' 'nonce-NzE4OTBmMjE2NTYwMDk5OQ==' 'nonce-Nzc1ODNjZjlmOTI1NWEwOA==' 'nonce-NjA5ODU1ZGFkNTRmY2FiZA==' 'nonce-NzA1YmE4NjAwOWE2M2VjNA==' 'nonce-ZmYyYTQwZTQzOGNmZDk2OA==' 'nonce-NzA5NTA1NzE1M2IyYTY2ZA==' 'nonce-MTI0OTViN2NhZGNiZDkxMA=='". Either the 'unsafe-inline' keyword, a hash ('sha256-abS8bXelr2wTMtWfwv4Q2SgF9jc3EmpFalJLyucKH4o='), or a nonce ('nonce-...') is required to enable inline execution.
Comprendre cette erreur
login:39 Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'nonce-M2FhZDRiNGRlYTk5NmYxMg==' 'nonce-ZjQ5MWQzOTQyYjQwOTkxYg==' 'nonce-MjEzZTNjOTBiZGQwMDYzZA==' 'nonce-MzAzZGY1MmQ5OGZkOGQwMQ==' 'nonce-M2JjMjFiOWRlNmUwZWQ5Yw==' fonts.googleapis.com". Either the 'unsafe-inline' keyword, a hash ('sha256-pKIlVLW7OhmdDHK4sJUlttyUvPdvM6d9mJThVU2lamU='), or a nonce ('nonce-...') is required to enable inline execution.
Comprendre cette erreur
login:106 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'nonce-NTFiOGIyNjFlODljNWJlMA==' 'nonce-YzI3YjFhOWQ5YzZhYWRiZg==' 'nonce-NzE4OTBmMjE2NTYwMDk5OQ==' 'nonce-Nzc1ODNjZjlmOTI1NWEwOA==' 'nonce-NjA5ODU1ZGFkNTRmY2FiZA==' 'nonce-NzA1YmE4NjAwOWE2M2VjNA==' 'nonce-ZmYyYTQwZTQzOGNmZDk2OA==' 'nonce-NzA5NTA1NzE1M2IyYTY2ZA==' 'nonce-MTI0OTViN2NhZGNiZDkxMA=='". Either the 'unsafe-inline' keyword, a hash ('sha256-f1IhZ/mD/Lj5kzYfUTKI9x3TG8psXB6f6ebITJ6DW94='), or a nonce ('nonce-...') is required to enable inline execution.
What I need to do to solve this erros in local ?
Regards
Please or to participate in this conversation.