Content Security Policy error

Hello, I need help. There is a script loading problem in my template’s preview. The console shows:
Refused to frame ‘’ because it violates the following Content Security Policy directive: “default-src ‘self’”. Note that ‘frame-src’ was not explicitly set, so ‘default-src’ is used as a fallback.
I think my site’s URL isn’t specified in the Content Security Policy of Envato. How can I fix this problem? Thanks.


Contact your item author; I hope they will help you.

If you still have any questions, open an Envato Help Ticket; they would like to assist you with an official answer.



Hi @Tatiana_Sh,

The message you’re seeing is informational rather than an actual error. You should see the “[Report Only]” prefix on the message, which means the CSP is in report-only mode and is not enforcing the policy at the moment.

You should still see your preview site loading in the preview iframe. When I visit your page and go to the live preview, I see the Leitmotiv demo just fine. If you’re seeing something different, please open an Author support ticket and we’ll be happy to help figure out what’s going on.
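The difference between an enforcing and a report-only policy, and the `frame-src` fallback named in the console message, as an added example that is not part of the original thread or Envato's code. The origins and the `checkFrame` helper are constructed for illustration, and source matching is simplified to `'self'`, `'none'`, `*` and exact origins.

```javascript
// Parse one CSP header value into a Map of directive name -> source list.
function parsePolicy(headerValue) {
  const directives = new Map();
  for (const part of headerValue.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Frame loads are governed by frame-src, then child-src, then default-src.
function effectiveFrameDirective(policy) {
  return ['frame-src', 'child-src', 'default-src'].find((d) => policy.has(d)) || null;
}

// Simplified matching (assumption): keywords and exact origins only.
function allows(sources, frameUrl, pageOrigin) {
  const origin = new URL(frameUrl).origin;
  return sources.some((s) => {
    if (s === "'none'") return false;
    if (s === '*') return true;
    if (s === "'self'") return origin === pageOrigin;
    return s === origin;
  });
}

// Returns whether the frame is blocked, whether a violation is reported,
// and which directive triggered it.
function checkFrame(headers, frameUrl, pageOrigin) {
  const result = { blocked: false, reported: false, directive: null };
  for (const [headerName, value] of Object.entries(headers)) {
    const name = headerName.toLowerCase();
    const reportOnly = name === 'content-security-policy-report-only';
    if (!reportOnly && name !== 'content-security-policy') continue;
    const policy = parsePolicy(value);
    const directive = effectiveFrameDirective(policy);
    if (directive === null || allows(policy.get(directive), frameUrl, pageOrigin)) continue;
    result.directive = directive;
    result.reported = true;             // console message and report in both modes
    if (!reportOnly) result.blocked = true; // only the enforcing header stops the load
  }
  return result;
}

// Constructed sample values, not taken from the thread.
const PAGE_ORIGIN = 'https://market.example';
const FRAME_URL = 'https://demo.example/preview/';
```

With the report-only header the violation is logged but the frame still loads; the same policy sent as `Content-Security-Policy` would block it.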

Hi, rosssimpson,
I see a problem with JS scripts working in the live preview; parts of the images aren’t loaded as a result (wayfinder.js doesn’t work, I think). I wrote to Author support two days ago and yesterday about my problem, but have not received a response yet.

With live preview

This page without live preview

I’d be very happy to correct this situation. Thanks.

Many thanks to Author Support for the help; the problem was in how one vendor’s scripts worked in an iframe. Now the problem is solved.
