CSP WARN: Directive ”...” violated by

This warning appears in the Error Console when your site uses Content Security Policy without making an exception for the external JavaScript include.

To fix this, include in your script-src directive. If you’re using the django-csp library, the following settings will work:

CSP_SCRIPT_SRC = ("'self'", '','')
CSP_FRAME_SRC = ("'self'", '','')


The example above also includes the frame-src directive. There is an iframe used during BrowserID login, but some people report that login will work without the directive. In general, you should probably include it.

Site keeps redirecting to the same page repeatedly

Sometimes, after attempting to login, you might notice that the page keeps reloading itself over and over. This usually means that something has gone wrong in your login process, and you should check the log output as well as the solutions below to see if they can point you in the right direction.

The reason for the repeating redirects has to do with Persona, the default BrowserID server that django-browserid uses. If you have attempted to log in to a site via Persona, and the site fails to accept your login, Persona will continue to attempt to log you in if the JavaScript shim that it provides is included on the page.

The easiest way to get around this is to simply not include the login form on any pages when the user is logged in. django-browserid attempts to avoid these infinite loops in certain cases, but they may still come up if, for example, SESSION_COOKIE_SECURE is True on a development instance without SSL.

Login fails silently due to cache issues

Another possible cause of silently failing logins is an issue with having no cache configured locally. Several projects (especially projects based on playdoh, which uses django-session-csrf) store session info in the cache rather than the database, and if your local instance has no cache configured, the session information will not be stored and login will fail silently.

To solve this issue, you should configure your local instance to use an in-memory cache with the following in your local settings file:

    'default': {
        'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
        'LOCATION': 'unique-snowflake'

Project Versions

Table Of Contents

Previous topic


Next topic


This Page