[2.3.5][Magento_Csp] Content-Security-Policy header is too large

[IgorVitol]

Preconditions (*)

1. Magento CE/EE 2.3.5 with Sample Data (composer installation)
2. Nginx 1.17.10 / FPM (PHP 7.3.16).
3. Default Nginx config used (nginx.conf.sample)

Steps to reproduce (*)

1. Navigate to URL: /women/tops-women.html

Expected result (*)

1. Category should open without any issues

Actual result (*)

1. Error - Nginx: 502 Bad Gateway.
2. Nginx logs:

upstream sent too big header while reading response header from upstream.

Actually this happens to many different pages. After some investigation and comparing with 2.3.4 installation I have found that module "Magento_Csp" addding extra large header "Content-Security-Policy" or "Content-Security-Policy-Report-Only" , which broke default Nginx limits for header size (4k).

Just to compare, here is response headers added by Magento in 2.3.4 / 2.3.5 for same Women/Tops category:

1. 2.3.4: ~ 2.9k in size (because of product cache tags)

[
  "X-Powered-By: PHP\/7.3.16",
  "Set-Cookie: mage-cache-sessid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=\/",
  "Set-Cookie: PHPSESSID=3e3b551e44eff750b888b718a1080043; expires=Mon, 04-May-2020 11:08:41 GMT; Max-Age=3600; path=\/; domain=magento2.local; secure; HttpOnly",
  "Set-Cookie: form_key=XUgokXJjBnndASPS; expires=Mon, 04-May-2020 11:08:41 GMT; Max-Age=3600; path=\/; domain=magento2.local; secure",
  "Pragma: cache",
  "Cache-Control: max-age=86400, public, s-maxage=86400",
  "Expires: Tue, 05 May 2020 10:08:42 GMT",
  "X-Magento-Tags: store,cms_b,cms_b_1,cms_b_footer_links_block,cat_c_21,cat_c_p_21,cat_p_1082,cat_p,cat_p_1067,cat_p_1068,cat_p_1069,cat_p_1070,cat_p_1071,cat_p_1072,cat_p_1073,cat_p_1074,cat_p_1075,cat_p_1076,cat_p_1077,cat_p_1078,cat_p_1079,cat_p_1080,cat_p_1081,cat_p_1136,cat_p_1121,cat_p_1122,cat_p_1123,cat_p_1124,cat_p_1125,cat_p_1126,cat_p_1127,cat_p_1128,cat_p_1129,cat_p_1130,cat_p_1131,cat_p_1132,cat_p_1133,cat_p_1134,cat_p_1135,cat_p_1274,cat_p_1259,cat_p_1260,cat_p_1261,cat_p_1262,cat_p_1263,cat_p_1264,cat_p_1265,cat_p_1266,cat_p_1267,cat_p_1268,cat_p_1269,cat_p_1270,cat_p_1271,cat_p_1272,cat_p_1273,cat_p_1450,cat_p_1435,cat_p_1436,cat_p_1437,cat_p_1438,cat_p_1439,cat_p_1440,cat_p_1441,cat_p_1442,cat_p_1443,cat_p_1444,cat_p_1445,cat_p_1446,cat_p_1447,cat_p_1448,cat_p_1449,cat_p_1498,cat_p_1483,cat_p_1484,cat_p_1485,cat_p_1486,cat_p_1487,cat_p_1488,cat_p_1489,cat_p_1490,cat_p_1491,cat_p_1492,cat_p_1493,cat_p_1494,cat_p_1495,cat_p_1496,cat_p_1497,cat_p_1514,cat_p_1499,cat_p_1500,cat_p_1501,cat_p_1502,cat_p_1503,cat_p_1504,cat_p_1505,cat_p_1506,cat_p_1507,cat_p_1508,cat_p_1509,cat_p_1510,cat_p_1511,cat_p_1512,cat_p_1513,cat_p_1594,cat_p_1579,cat_p_1580,cat_p_1581,cat_p_1582,cat_p_1583,cat_p_1584,cat_p_1585,cat_p_1586,cat_p_1587,cat_p_1588,cat_p_1589,cat_p_1590,cat_p_1591,cat_p_1592,cat_p_1593,cat_p_1754,cat_p_1739,cat_p_1740,cat_p_1741,cat_p_1742,cat_p_1743,cat_p_1744,cat_p_1745,cat_p_1746,cat_p_1747,cat_p_1748,cat_p_1749,cat_p_1750,cat_p_1751,cat_p_1752,cat_p_1753,cat_p_1802,cat_p_1787,cat_p_1788,cat_p_1789,cat_p_1790,cat_p_1791,cat_p_1792,cat_p_1793,cat_p_1794,cat_p_1795,cat_p_1796,cat_p_1797,cat_p_1798,cat_p_1799,cat_p_1800,cat_p_1801,cat_p_1050,cat_p_1035,cat_p_1036,cat_p_1037,cat_p_1038,cat_p_1039,cat_p_1040,cat_p_1041,cat_p_1042,cat_p_1043,cat_p_1044,cat_p_1045,cat_p_1046,cat_p_1047,cat_p_1048,cat_p_1049,cat_p_1200,cat_p_1185,cat_p_1186,cat_p_1187,cat_p_1188,cat_p_1189,cat_p_1190,cat_p_1191,cat_p_1192,cat_p_1193,cat_p_1194,cat_p_1195,cat_p_1196,cat_p_1197,cat_p_1198,cat_p_1199,cat_p_1216,cat_p_1201,cat_p_1202,cat_p_1203,cat_p_1204,cat_p_1205,cat_p_1206,cat_p_1207,cat_p_1208,cat_p_1209,cat_p_1210,cat_p_1211,cat_p_1212,cat_p_1213,cat_p_1214,cat_p_1215",
  "X-Magento-Debug: 1",
  "X-Content-Type-Options: nosniff",
  "X-XSS-Protection: 1; mode=block",
  "X-Frame-Options: SAMEORIGIN"
]

2.3.5: ~ 4.9k in size (because of product cache tags + csp)

[
  "X-Powered-By: PHP\/7.3.16",
  "Set-Cookie: mage-cache-sessid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=\/",
  "Set-Cookie: PHPSESSID=ad946a72224b9800ae7fc97789e7a223; expires=Mon, 04-May-2020 09:13:21 GMT; Max-Age=3600; path=\/; domain=magento2.local; secure; HttpOnly",
  "Set-Cookie: form_key=dh78SLda7p7MFjOR; expires=Mon, 04-May-2020 09:13:21 GMT; Max-Age=3600; path=\/; domain=magento2.local; secure",
  "Pragma: cache",
  "Cache-Control: max-age=86400, public, s-maxage=86400",
  "Expires: Tue, 05 May 2020 08:13:23 GMT",
  "X-Magento-Tags: store,cms_b,cms_b_1,cms_b_footer_links_block,cat_c_21,cat_c_p_21,cat_p_1082,cat_p,cat_p_1067,cat_p_1068,cat_p_1069,cat_p_1070,cat_p_1071,cat_p_1072,cat_p_1073,cat_p_1074,cat_p_1075,cat_p_1076,cat_p_1077,cat_p_1078,cat_p_1079,cat_p_1080,cat_p_1081,cat_p_1136,cat_p_1121,cat_p_1122,cat_p_1123,cat_p_1124,cat_p_1125,cat_p_1126,cat_p_1127,cat_p_1128,cat_p_1129,cat_p_1130,cat_p_1131,cat_p_1132,cat_p_1133,cat_p_1134,cat_p_1135,cat_p_1274,cat_p_1259,cat_p_1260,cat_p_1261,cat_p_1262,cat_p_1263,cat_p_1264,cat_p_1265,cat_p_1266,cat_p_1267,cat_p_1268,cat_p_1269,cat_p_1270,cat_p_1271,cat_p_1272,cat_p_1273,cat_p_1450,cat_p_1435,cat_p_1436,cat_p_1437,cat_p_1438,cat_p_1439,cat_p_1440,cat_p_1441,cat_p_1442,cat_p_1443,cat_p_1444,cat_p_1445,cat_p_1446,cat_p_1447,cat_p_1448,cat_p_1449,cat_p_1498,cat_p_1483,cat_p_1484,cat_p_1485,cat_p_1486,cat_p_1487,cat_p_1488,cat_p_1489,cat_p_1490,cat_p_1491,cat_p_1492,cat_p_1493,cat_p_1494,cat_p_1495,cat_p_1496,cat_p_1497,cat_p_1514,cat_p_1499,cat_p_1500,cat_p_1501,cat_p_1502,cat_p_1503,cat_p_1504,cat_p_1505,cat_p_1506,cat_p_1507,cat_p_1508,cat_p_1509,cat_p_1510,cat_p_1511,cat_p_1512,cat_p_1513,cat_p_1594,cat_p_1579,cat_p_1580,cat_p_1581,cat_p_1582,cat_p_1583,cat_p_1584,cat_p_1585,cat_p_1586,cat_p_1587,cat_p_1588,cat_p_1589,cat_p_1590,cat_p_1591,cat_p_1592,cat_p_1593,cat_p_1754,cat_p_1739,cat_p_1740,cat_p_1741,cat_p_1742,cat_p_1743,cat_p_1744,cat_p_1745,cat_p_1746,cat_p_1747,cat_p_1748,cat_p_1749,cat_p_1750,cat_p_1751,cat_p_1752,cat_p_1753,cat_p_1802,cat_p_1787,cat_p_1788,cat_p_1789,cat_p_1790,cat_p_1791,cat_p_1792,cat_p_1793,cat_p_1794,cat_p_1795,cat_p_1796,cat_p_1797,cat_p_1798,cat_p_1799,cat_p_1800,cat_p_1801,cat_p_1050,cat_p_1035,cat_p_1036,cat_p_1037,cat_p_1038,cat_p_1039,cat_p_1040,cat_p_1041,cat_p_1042,cat_p_1043,cat_p_1044,cat_p_1045,cat_p_1046,cat_p_1047,cat_p_1048,cat_p_1049,cat_p_1200,cat_p_1185,cat_p_1186,cat_p_1187,cat_p_1188,cat_p_1189,cat_p_1190,cat_p_1191,cat_p_1192,cat_p_1193,cat_p_1194,cat_p_1195,cat_p_1196,cat_p_1197,cat_p_1198,cat_p_1199,cat_p_1216,cat_p_1201,cat_p_1202,cat_p_1203,cat_p_1204,cat_p_1205,cat_p_1206,cat_p_1207,cat_p_1208,cat_p_1209,cat_p_1210,cat_p_1211,cat_p_1212,cat_p_1213,cat_p_1214,cat_p_1215",
  "X-Magento-Debug: 1",
  "Content-Security-Policy-Report-Only: font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com js.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';",
  "X-Content-Type-Options: nosniff",
  "X-XSS-Protection: 1; mode=block",
  "X-Frame-Options: SAMEORIGIN"
]

As you can see, in 2.3.5, CSP adding about 2K in size to all response headers / all requests by default.
Actually someone could say that it is easy fix, just to increase limits in Nginx to at least 6k, like this:

fastcgi_buffers 1024 6k;
fastcgi_buffer_size 6k;

But in this case you would need to also adjust limits in all involved proxies, like nginx ssl offloaders or others, like Kubernetes Nginx Ingress.

And it will not fix the core issue - looks like CSP module adding all merged rules as header to all requests. And potentially it could grow in size in future.

Example (same Women/Tops category page) :

1. cardinalcommerce.com
2. sandbox.paypal.com
3. test.authorize.net
4. e.t.c.

All of this is not actually required on category page. Looks like it is better to generate different rule pools per page type, rather than global pool for all...

You can read more about such limits:

1. https://stackoverflow.com/a/8623061
2. https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_buffer_size

[m2-assistant]

Hi @IgorVitol. Thank you for your report.
To help us process this issue please make sure that you provided the following information:

• Summary of the issue
• Information on your environment
• Steps to reproduce
• Expected and actual results

Please make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy vanilla Magento instance on our environment, please, add a comment to the issue:

@magento give me 2.4-develop instance - upcoming 2.4.x release

For more details, please, review the Magento Contributor Assistant documentation.

@IgorVitol do you confirm that you were able to reproduce the issue on vanilla Magento instance following steps to reproduce?

• yes
• no

---

• Join Magento Community Engineering Slack and ask your questions in #github channel.

[m2-assistant]

Hi @engcom-Delta. Thank you for working on this issue.
In order to make sure that issue has enough information and ready for development, please read and check the following instruction: 👇

• 1. Verify that issue has all the required information. (Preconditions, Steps to reproduce, Expected result, Actual result).

  Details

  If the issue has a valid description, the label Issue: Format is valid will be added to the issue automatically. Please, edit issue description if needed, until label Issue: Format is valid appears.

• 2. Verify that issue has a meaningful description and provides enough information to reproduce the issue. If the report is valid, add Issue: Clear Description label to the issue by yourself.

• 3. Add Component: XXXXX label(s) to the ticket, indicating the components it may be related to.

• 4. Verify that the issue is reproducible on 2.4-develop branch

  Details

  - Add the comment @magento give me 2.4-develop instance to deploy test instance on Magento infrastructure.
  - If the issue is reproducible on 2.4-develop branch, please, add the label Reproduced on 2.4.x.
  - If the issue is not reproducible, add your comment that issue is not reproducible and close the issue and stop verification process here!

• 5. Add label Issue: Confirmed once verification is complete.

• 6. Make sure that automatic system confirms that report has been added to the backlog.

[magento-engcom-team]

✅ Confirmed by @engcom-Delta
Thank you for verifying the issue. Based on the provided information internal tickets MC-34157 were created

Issue Available: @engcom-Delta, You will be automatically unassigned. Contributors/Maintainers can claim this issue to continue. To reclaim and continue work, reassign the ticket to yourself.

[medhassenkhatteche]

Hi every one,
I have a problem when i lanch my website magento 2.3.5-1 on locale with MySQL

i have in console all this
The Content Security Policy 'font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com js.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';' was delivered in report-only mode, but does not specify a 'report-uri'; the policy will have no effect. Please either add a 'report-uri' directive, or deliver the policy via the 'Content-Security-Policy' header.
localhost/:1 [Report Only] Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Work+Sans:400,700.less' because it violates the following Content Security Policy directive: "style-src getfirebug.com 'self' 'unsafe-inline'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.

localhost/:1 [Report Only] Refused to load the script 'https://www.google.com/recaptcha/api.js' because it violates the following Content Security Policy directive: "script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com js.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

api.js:1 [Report Only] Refused to load the script 'https://www.gstatic.com/recaptcha/releases/-wV2EAWEOTlEtZh4vNQtn3H1/recaptcha__fr.js' because it violates the following Content Security Policy directive: "script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com js.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

(anonymous) @ api.js:1
(anonymous) @ api.js:1
DevTools failed to load SourceMap: Could not load content for chrome-extension://gighmmpiobklfepjocnamgkkbiglidom/include.preload.js.map: HTTP error: status code 404, net::ERR_UNKNOWN_URL_SCHEME
6[Report Only] Refused to load the font '' because it violates the following Content Security Policy directive: "font-src 'self' 'unsafe-inline'".

DevTools failed to load SourceMap: Could not load content for chrome-extension://gighmmpiobklfepjocnamgkkbiglidom/include.postload.js.map: HTTP error: status code 404, net::ERR_UNKNOWN_URL_SCHEME
5Refused to execute script from '' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
require.js:166 Uncaught Error: Script error for: js/theme
http://requirejs.org/docs/errors.html#scripterror
at makeError (require.js:166)
at HTMLScriptElement.onScriptError (require.js:1681)
makeError @ require.js:166
onScriptError @ require.js:1681
error (async)
req.load @ require.js:1883
load @ require.js:1639
load @ require.js:820
fetch @ require.js:810
check @ require.js:840
enable @ require.js:1143
enable @ require.js:1511
(anonymous) @ require.js:1128
(anonymous) @ require.js:132
each @ require.js:57
enable @ require.js:1090
init @ require.js:774
(anonymous) @ require.js:1416
setTimeout (async)
req.nextTick @ require.js:1755
localRequire @ require.js:1405
configure @ require.js:1343
requirejs @ require.js:1734
req.config @ require.js:1745
(anonymous) @ requirejs-config.js:117
(anonymous) @ requirejs-config.js:118
(anonymous) @ requirejs-config.js:643
require.js:166 Uncaught Error: Script error for: mage/backend/bootstrap
http://requirejs.org/docs/errors.html#scripterror
at makeError (require.js:166)
at HTMLScriptElement.onScriptError (require.js:1681)
makeError @ require.js:166
onScriptError @ require.js:1681
error (async)
req.load @ require.js:1883
load @ require.js:1639
load @ require.js:820
fetch @ require.js:810
check @ require.js:840
enable @ require.js:1143
enable @ require.js:1511
(anonymous) @ require.js:1128
(anonymous) @ require.js:132
each @ require.js:57
enable @ require.js:1090
init @ require.js:774
(anonymous) @ require.js:1416
setTimeout (async)
req.nextTick @ require.js:1755
localRequire @ require.js:1405
configure @ require.js:1343
requirejs @ require.js:1734
req.config @ require.js:1745
(anonymous) @ requirejs-config.js:117
(anonymous) @ requirejs-config.js:118
(anonymous) @ requirejs-config.js:643
require.js:166 Uncaught Error: Script error for: mage/adminhtml/globals
http://requirejs.org/docs/errors.html#scripterror
at makeError (require.js:166)
at HTMLScriptElement.onScriptError (require.js:1681)
makeError @ require.js:166
onScriptError @ require.js:1681
error (async)
req.load @ require.js:1883
load @ require.js:1639
load @ require.js:820
fetch @ require.js:810
check @ require.js:840
enable @ require.js:1143
enable @ require.js:1511
(anonymous) @ require.js:1128
(anonymous) @ require.js:132
each @ require.js:57
enable @ require.js:1090
init @ require.js:774
(anonymous) @ require.js:1416
setTimeout (async)
req.nextTick @ require.js:1755
localRequire @ require.js:1405
configure @ require.js:1343
requirejs @ require.js:1734
req.config @ require.js:1745
(anonymous) @ requirejs-config.js:117
(anonymous) @ requirejs-config.js:118
(anonymous) @ requirejs-config.js:643
require.js:166 Uncaught Error: Script error for: Magento_Catalog/catalog/product
http://requirejs.org/docs/errors.html#scripterror
at makeError (require.js:166)
at HTMLScriptElement.onScriptError (require.js:1681)
makeError @ require.js:166
onScriptError @ require.js:1681
error (async)
req.load @ require.js:1883
load @ require.js:1639
load @ require.js:820
fetch @ require.js:810
check @ require.js:840
enable @ require.js:1143
enable @ require.js:1511
(anonymous) @ require.js:1128
(anonymous) @ require.js:132
each @ require.js:57
enable @ require.js:1090
init @ require.js:774
(anonymous) @ require.js:1416
setTimeout (async)
req.nextTick @ require.js:1755
localRequire @ require.js:1405
configure @ require.js:1343
requirejs @ require.js:1734
req.config @ require.js:1745
(anonymous) @ requirejs-config.js:333
(anonymous) @ requirejs-config.js:334
(anonymous) @ requirejs-config.js:643
require.js:166 Uncaught Error: Script error for: jquery
http://requirejs.org/docs/errors.html#scripterror
at makeError (require.js:166)
at HTMLScriptElement.onScriptError (require.js:1681)

How Can-i resolve it??
Help please!