Reputation: 931
Whenever I try to load assets as described in the documentation, found here, under "using configuration and AssetsFinder", I keep getting the following error:
angular-1.6.4.min.js:sourcemap:202 Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-1PxuDsPyGK6n+LZsMv0gG4lMX3i3XigG6h0CzPIjwrE='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
Can anyone tell me what I might be doing wrong, or how to get around this? It seems strange that this error should occur....
EDIT:
From the answer provided by NBoo, I attempted to specify a CSP header with:
Ok("Index").withHeaders(SecurityHeadersFilter.CONTENT_SECURITY_POLICY_HEADER -> "default-src 'unsafe-inline'")
I've set play.filters.headers.allowActionSpecificHeaders = true
but now I get errors on other scripts.
Upvotes: 1
Views: 176
Reputation: 865
As of version 2.6.x, Play enables the security headers filter by default, and therefore your page gets blocked by this filter. Take a look at this documentation:
https://www.playframework.com/documentation/2.6.x/SecurityHeaders
You need to use the Content-Security-Policy header, among other headers.
Upvotes: 1
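Added example (not part of either post, and not Play or Angular code): a simplified JavaScript model of how a browser picks the governing CSP directive, showing why `default-src 'self'` blocks the inline style and why `default-src 'unsafe-inline'` then blocks same-origin scripts. The function names, the constructed request objects and the third policy (`hashed`, built from the hash in the error message) are assumptions made for illustration.

```javascript
// Simplified model of CSP source-list matching (added example; not a full CSP parser).
// It covers only what this thread touches: default-src fallback,
// 'self', 'unsafe-inline', and hashes for inline content.
function parsePolicy(header) {
  const directives = {};
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) directives[name.toLowerCase()] = sources;
  }
  return directives;
}

// kind: 'script' | 'style'; request: { inline, sameOrigin, hash }
function isAllowed(header, kind, request) {
  const policy = parsePolicy(header);
  // style-src / script-src fall back to default-src when not set explicitly.
  const sources = policy[`${kind}-src`] ?? policy['default-src'];
  if (sources === undefined) return true; // no governing directive: nothing is blocked
  if (request.inline) {
    const hasHashOrNonce = sources.some(s => /^'(sha(256|384|512)|nonce)-/.test(s));
    if (request.hash && sources.includes(`'${request.hash}'`)) return true;
    // Browsers ignore 'unsafe-inline' once a hash or nonce is listed.
    return !hasHashOrNonce && sources.includes("'unsafe-inline'");
  }
  // External resource: only 'self' is modelled here.
  return request.sameOrigin && sources.includes("'self'");
}

// Constructed requests: the inline style from the error message, and a same-origin script file.
const REPORTED_STYLE_HASH = 'sha256-1PxuDsPyGK6n+LZsMv0gG4lMX3i3XigG6h0CzPIjwrE=';
const inlineStyle = { inline: true, sameOrigin: true, hash: REPORTED_STYLE_HASH };
const localScript = { inline: false, sameOrigin: true, hash: null };

const POLICIES = {
  playDefault: "default-src 'self'",            // directive named in the error message
  questionEdit: "default-src 'unsafe-inline'",  // header tried in the question's EDIT
  hashed: `default-src 'self'; style-src 'self' '${REPORTED_STYLE_HASH}'`, // assumed alternative
};

function report() {
  const out = {};
  for (const [name, header] of Object.entries(POLICIES)) {
    out[name] = {
      inlineStyle: isAllowed(header, 'style', inlineStyle),
      localScript: isAllowed(header, 'script', localScript),
    };
  }
  return out;
}

console.log(report());
```

A hash source only matches the exact inline content it was computed from, so it has to be updated whenever that style text changes.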