when i submit pxpay windcave credentials, in console below error occurs. Why?
The Content-Security-Policy directive 'default-src' contains the keyword 'none' alongside with other source expressions. The keyword 'none' must be the only source expression in the directive value, otherwise it is ignored.
i have tried to change the header default-src: self but not works for me.
In a CSP directive, 'none' can only be present if there are no other sources listed. You either have to remove 'none' from default-src or all the other sources.
But your initial problem might be that you have multiple CSPs and that you need to identify how all CSP are set. Start by checking all response headers and meta tags of the document, then identify the policy with the problematic default-src and try to modify it while you remove all other policies (if any).