Reputation: 21
CSP Setting in NUXT
CSP blocking my local js files. here my nuxt.config.js
unsafeInlineCompatibility: true,
policies: {
'default-src': ["'self'", 'delivly.com', 'localhost', '*.gstatic.com', '*.fontawesome.com'],
'script-src': ["'unsafe-inline'", 'delivly.com', 'localhost', '*.fontawesome.com', '*.googlesyndication.com', '*.googletagmanager.com'],
'style-src': ["'self'", "'unsafe-inline'", 'delivly.com', '*.googleapis.com', '*.fontawesome.com'],
'connect-src': ["'self'", 'wss://delivly.com']
},
addMeta: true
}
Blocked files:
http://localhost:3010/_nuxt/runtime.js
http://localhost:3010/_nuxt/pages_index.js
http://localhost:3010/_nuxt/commons.app.js
http://localhost:3010/_nuxt/vendors.app.js
http://localhost:3010/_nuxt/app.js
Anyone know where is the problem?
Upvotes: 2
Views: 1840
Answers (1)
Reputation: 8496
I understand it's too late to answer topicstarter, but may be it will come in handy for a "new generation".
The localhost acts as host-source, but host-sources allows the standard ports only.
On HTTP:-page the localhost will transform to http://localhost (Same origin Policy is used to restore scheme). For http:// scheme standard port is 80, therefore any other ports will be forbidden by CSP (CSP3-browsers will allow port 443 too).
To allow any ports it need to use * as port number like that:
'default-src': ['localhost:*']
or to specify the real port number:
'default-src': ['localhost:3010']
Upvotes: 2
Related Questions
- Content Security Policy in Nuxt.js
- Refused to load the script CSP
- Are we forced to use 'unsafe-inline' in our CSP when using Vue.JS?
- How to build Nuxt with specific content
- Nuxt + Vuetify using Content Security Policy (CSP) header inline styling
- Content-Security-Policy blocks Vue.js
- How to add CSP header (Content-Security-Policy) to vuejs app?
- Can a Content Security Policy be set for the SPA mode of NUXT
- how to configure csp in nuxt
- Vue inline template and CSP