javascript - How to relax Content Security Policy with meta tag

Question

I'm trying to override the Content Security Policy using a specific meta tag for some pages.

I've been trying for a couple of hours, but I've not succeed yet.

Is there a way to override CSP from the page itself (using JavaScript or meta tags) without having to modify the server configuration?

Thank you.

Answer 1

No.

For security reasons the meta tag can only make the policy more strict, not to relax the policy defined in the headers.

If the meta tag could relax the policy, CSP would have no teeth. Any malicious party could just add a meta tag to disable the policy and avoid all of the restrictions that should be in place.