Autocomplete requests blocked by X-XSS-Protection


I have a Content Security Policy that explicitly whitelists with ‘unsafe-inline’ ‘unsafe-eval’ (not, great, I know). Regular search functionality is working as expected. However, autocomplete requests are being blocked by browser default X-XSS-Protection:1; mode=block. I’ve done a bunch of googling and I’m not sure why that is happening when the CSP should be allowing them.

Any suggestions are much appreciated! Thanks.


I realized I was reading the header information incorrectly.

Autocomplete still isn’t working for me, but this isn’t the cause.


Hey there! Sorry for the delay on replying to this thread. May I trouble you to write into Support from within the Swiftype dashboard. You’ll trigger the submission form by clicking on the Support link in the header section of the dash. From there, please include the above as well as supporting details such as URLs to where the issue can be viewed and replicated. We’ll be happy to assist!