Refused to load the script because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline'

Question

I am using MVC6 (asp.net 5) using angular and trying to load scripts from CDN locations when my code is running in release mode, but for some reason the scripts NEVER load.<

Answer 1

In my case, this policy is set via SecurityHeadersAttribute (this attribute is set in AccountController and some others).

Basically, this adds default policy in the headers that overwrite your meta tag. So you need to change this policy or remove the attribute from Controller.