How do I edit my CSP Header to allow inline Web Assembly (wasm)? - Nginx

TJBlackman
November 16, 2022
103 views
1 vote
2 Answers

How do I modify this line of Nginx config to allow my website to serve and execute in-line Web-Assembly (wasm)?

add_header Content-Security-Policy   "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;

Error Message:

Content Security Policy: The page’s settings blocked the loading of a resource at wasm-eval (“default-src”).

So, I basically just tried adding wasm-eval to my CSP, right before where it says 'unsafe-inline', but that didn’t work. How do I edit my CSP Header to allow inline Web Assembly (wasm)?

Answers

Chosen as BEST ANSWER
- TJBlackman
- November 16, 2022 at 8:16 pm
- 0 votes
0
Not the best solution, but one solution is to add 'unsafe-eval' to my CSP. So now the entire line of config looks like this:
```
add_header Content-Security-Policy   "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self';" always;
```
The above works, but maybe isn't great for security. Hopefully I can further update this question/answer in the future.

(Edit)

- CorreyL
- March 9, 2023 at 4:17 pm
- 0 votes
0
unsafe-wasm-eval appears to be the only CSP option that all modern browsers support

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#unsafe_webassembly_execution

Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.

How do I edit my CSP Header to allow inline Web Assembly (wasm)? – Nginx

Answers