faruk

Reputation: 151

I get an error in the console after installing ember-cli-content-policy

vendor-suffix.js:1 [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'nonce-abcdefg' localhost:4200 0.0.0.0:4200".

I installed ember-cli-content-policy and I'm trying to override the default configuration by adding

ENV.contentSecuityPolicy in environment.js

but I cannot; the configuration is still the default and I get the error whenever I run the app

Upvotes: 0

Views: 286

Answers (1)

jelhan

Reputation: 6338

This sounds like a bug that was reported on GitHub some weeks ago: https://github.com/rwjblue/ember-cli-content-security-policy/issues/127

Ember-cli-content-security-policy applies a static nonce in the testing environment and when used with the development server. It's used to work around a CSP violation triggered by the default testing setup.

That nonce was always applied - even if script-src contains 'unsafe-inline'. But a nonce, when present, overrules 'unsafe-inline' and basically disabled it.

This has been fixed in https://github.com/rwjblue/ember-cli-content-security-policy/pull/128 but is not released yet.

Upvotes: 1
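
The nonce behaviour described in the answer, as an added example that is not part of the original post or the addon's code: a small JavaScript model of how a CSP Level 2+ browser reads the keyword sources in script-src, run over the policy from the error message and two constructed variants. The function and constant names are hypothetical.

```javascript
// Added example: models keyword handling in script-src (CSP Level 2+).
// Not the addon's code; function and constant names are hypothetical.
function parseDirective(policy, name) {
  // A policy is ';'-separated directives: a name followed by a source list.
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === name) return tokens.slice(1);
  }
  return null; // directive absent
}

function effectiveScriptSrc(policy) {
  // script-src falls back to default-src when it is not present.
  const sources = parseDirective(policy, 'script-src') ??
                  parseDirective(policy, 'default-src');
  if (sources === null) {
    return { inlineAllowed: true, unsafeInlineIgnored: false, evalAllowed: true, nonces: [] };
  }
  const lower = sources.map((s) => s.toLowerCase());
  const nonces = sources
    .filter((s) => /^'nonce-[A-Za-z0-9+\/_-]+={0,2}'$/i.test(s))
    .map((s) => s.slice(7, -1)); // strip "'nonce-" and the closing quote
  const hasHash = lower.some((s) => /^'sha(256|384|512)-/.test(s));
  const listed = lower.includes("'unsafe-inline'");
  const overruled = nonces.length > 0 || hasHash;
  return {
    // Un-nonced inline scripts run only if 'unsafe-inline' is listed AND
    // no nonce or hash source is present in the same directive.
    inlineAllowed: listed && !overruled,
    unsafeInlineIgnored: listed && overruled,
    // eval() and new Function() need 'unsafe-eval'; a nonce never grants it.
    evalAllowed: lower.includes("'unsafe-eval'"),
    nonces,
  };
}

// Policy quoted in the error message on this page.
const REPORTED = "script-src 'self' 'nonce-abcdefg' localhost:4200 0.0.0.0:4200";
// Constructed variants: the static nonce combined with 'unsafe-inline',
// and an override that lists both keywords without a nonce.
const NONCE_PLUS_INLINE = "script-src 'self' 'unsafe-inline' 'nonce-abcdefg'";
const NO_NONCE = "script-src 'self' 'unsafe-inline' 'unsafe-eval'";

for (const p of [REPORTED, NONCE_PLUS_INLINE, NO_NONCE]) {
  console.log(p, '=>', JSON.stringify(effectiveScriptSrc(p)));
}
```
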
