Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Content Security Policy with “Refused to load image” error



User has set up a Content Security Policy and is trying to run a flow. User witnesses a JavaScript error in the console that comes from the Pega-provided JS file.

Error Messages

Refused to load the image 'data:image/gif;base64,xxxxxxxxxxxxxxxx==' because it violates the following Content Security Policy directive: "img-src 'self' https://www.<a_website>.com https://<another_website>.net".
(anonymous function) @ dvtoolbar_1781386813!!.js:4(anonymous function) @ dvtoolbar_1781386813!!.js:369

Steps to Reproduce

  1. Set the Content Security Policy in the Application rule to allow only some of the websites.
  2. Try to open a Section rule and then see the error message in the console.

Root Cause

A misunderstanding of Pega software functionality causes a problem in your application. 

This issue is triggered by your use of the DVToolbarscript JS file, which violates the Content Security Policy script.

var emptyImg = new Image();
emptyImg.src = 'data:image/gif;base64,xxxxxxxxxxxxxxxxxxxxxxxxx==';


Modify the DVToolbarscript JS file in your application to comply with the Content Security Policy Directive for img-src.
Refer to the Pega 7.1.8 Help topic, Content Security Policies - Completing the Policy Definition tab,

Refer to the Content Security Policy website, the Directive Reference for img-src , which defines valid sources of images.
The Content Security Policy Directive Reference is based on the Content Security Policy 1.0 W3C Candidate Recommendation.
See also the Content-Security-Policy Error Messages.


Published August 31, 2015 - Updated October 8, 2020

Was this useful?

0% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us