Content Security Policy Error with Glitch Site

Hi there! I’ve tried so many things to try and get this fixed and I’m starting to lose hope. A few days ago, my glitch website became basically unusable when all of a sudden a bunch of images/assets on the webpage disappeared and we’re replaced by missing image icons. I know this is not project based because even things on the glitch homepage are missing. I’ve attached some screenshots of what I mean to get an idea of the issue. I’ve also attached a screenshot of the error message I’m getting in the web inspector.

Here’s what I’ve tried so far, and none of these have worked:
Disabling all security features for Chrome
Temporarily disabling my firewall
I contacted AT&T and explained the issue, they said they would unblock stuff from Glitch

I’m really at a a dead end here and I don’t know what else to try. Everything works fine when I try looking at Glitch on something other than my wifi so I think it has something to do with my internet.

Here’s a copy of the CSP error message in my web inspector:

  1. Content Security Policy of your site blocks some resources

  2. Some resources are blocked because their origin is not listed in your site’s Content Security Policy (CSP). Your site’s CSP is allowlist-based, so resources must be listed in the allowlist in order to be accessed.

A site’s Content Security Policy is set either as via an HTTP header (recommended), or via a meta HTML tag.

To fix this issue do one of the following:

* (Recommended) If you're using an allowlist for `'script-src'` , consider switching from an allowlist CSP to a strict CSP, because strict CSPs are more robust against XSS. See how to set a strict CSP.
* Or carefully check that all of the blocked resources are trustworthy; if they are, include their sources in the CSP of your site. ⚠️Never add a source you don't trust to your site's CSP. If you don't trust the source, consider hosting resources on your own site instead.
  1. AFFECTED RESOURCES
1. 6 directives

“I contacted AT&T and explained the issue, they said they would unblock stuff from Glitch”

Can you confirm that they did unblock this by going directly to the URL of one of those assets and seeing if it loads?

1 Like

Tried it and it did not load. I guess I should maybe reach out AGAIN to AT&T but I feel like the support person I spoke to didn’t even really understand the issue I was having.

Can you tell me the support center link for your ISP and what specific one it is (AT&T Internet? Cellular/5G?). I’ll see if I can hunt down a proper form to submit our CDN domain to get it unblocked - tracking this stuff is hard and, as you’re encountering, their support often isn’t able to see the issue because they themselves don’t seem to use their own ISP!

1 Like

Here is the link that I used when I contacted AT&T.

I’m using AT&T Internet in my apartment. I’m located in Columbus if that helps with anything haha.
Thanks!

Hi jenn, The issue was resolved for a bit but it came back. Same exact problem. Is there anything else I can do to fix this?

Hi! Have you reached out to AT&T to confirm they’re blocking it for any particular reason again? Last I reached out to them, I hit a dead end because I’m not a customer, but it did appear to get them to remove the domain from their block list. Let me know and I’ll see if I can have someone else here try reaching out to AT&T!

I did not reach out to them after it got messed up again. I can try and contact them again tomorrow but when I spoke to them the last time it seemed like they didn’t know what i was talking about :frowning:

Is it possible this is what is blocking the Glitch CDN?

For the meantime, a VPN should solve the issue.

could you try replacing

https://cdn.glitch.me

with

https://s3.amazonaws.com/production-assetsbucket-8ljvyr1xczmb

test:

this might be not very polite though :woman_shrugging:

No I don’t think so, I don’t have any family filters or anything. Also I tried the VPN and that did not work.

Don’t know if you’ve mentioned it but I will suggest that you post a message on an AT&T support site. Get someone (or multiple someone’s there) to try to connect to a site you are having trouble with. If nobody is blocked that tells you something, if others are that provides additional support for the idea that AT&T is actively blocking something.

It would seem a list of such blocked sites should be available from them if this is the case.

Also I cannot see how a VPN could produce the same results. It is via VPN software that individuals get around access blocks placed by some countries. Can you get a neighbor or a friend on the same AT&T plan to test it out as well?

After contacting ATT AGAIN they helped me resolve it. Apparently there was a virus in my router/modem that they fixed by updating the firmware. Glitch works perfectly now. Thank you all for your help and suggestions!

4 Likes

I’m glad it’s resolved but also…a virus in the router??? Every day is a winding road!

2 Likes