Brave V1.26.67 fails to load many sites: inline script violates content security policy

Description of the issue:

When opening many sites using brave on macos 10.13.6, the sites fail to fully load and many instances of the following error appear on the javascript console:

Refused to execute inline script because it violates the following Content Security Policy directive: “script-src http: https:”. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-fMa3abus/34Yw3T42l76f0IFhcUZAfXV7UNXBdeL7c8=’), or a nonce (‘nonce-…’) is required to enable inline execution.

How can this issue be reproduced?

  1. open brave on macos,
  2. brave shields may be either up or down, does not affect the bug
  3. visit
  4. observe 26 copies of the above error messge in the console
  5. observe the blank photo page

Expected result:
i would expect to see the photos stored at

Brave Version( check About Brave):

Additional Information:

This happens with shields UP and also with shields DOWN. it does not appear to depend on the state of the shields. Also, this bug appeared first in the previous Release and continues to be a problem in this one.

is there some way in settings to turn off this content security policy? i looked but was not able to find it.

I’m able to view Google Photos without any issue and no console errors – using macOS and the latest Brave build.

I imagine this issue you’re seeing is caused by an extension you have installed or bad cache data. I would test this in a Private browsing window and see if you get the same results – note that if any extensions are configured to run in private mode, please disable them or disable that option first before performing the test.

Good call. uBlock Origin 1.35.2 is the source of the problem. Disabling it returned access to all sites.
Solved, thanks

1 Like

You’re welcome – glad it was that easy to resolve and thank you for confirming.