jhipster/jhipster-online

Console errors about Content Security Policy and missing image

mraible opened this issue · 4 comments

I see the following error in my console when I hit start.jhipster.tech without being logged in.

Screen Shot 2020-11-11 at 11 43 01 AM

After logging in, there's a 404, but it looks like it's coming from 1Password, not from JHipster.

Screen Shot 2020-11-11 at 11 43 32 AM

@mraible : I tested with both Chrome and Firefox and I cannot see that security policy violation; although I do see a security policy violation related to google-analytics. My guess is that one might also be coming from an extension you've installed. Could you do this in an incognito window (assuming all extensions are disabled there) and show me the result? Thanks.

Here's an incognito screenshot. It is a bit different from the one I posted above.

Screen Shot 2020-11-11 at 7 38 29 PM

I think we need to add a rule to the CSP to allow XHR (connect-src) connections to GA. Something like this:

connect-src 'self' https://www.google-analytics.com
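An added example, not part of the original thread or of the jhipster-online code: a simplified evaluator for the rule proposed above, showing why the XHR to GA is blocked while only `default-src` governs it and why the new `connect-src` list has to repeat `'self'`. The `BEFORE` policy, the `/api/example` path and the function names are constructed for illustration; the page does not show the deployed policy.

```javascript
// Simplified CSP matching for XHR/fetch: scheme + host (+ port) only.
// Not handled: paths, wildcards (*, *.example.com), scheme-less hosts, nonces, hashes.

// Parse a policy string into a Map of directive name -> source expressions.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Decide whether a connection from pageOrigin to targetUrl is allowed.
function connectAllowed(policy, pageOrigin, targetUrl) {
  const directives = parseCsp(policy);
  // connect-src falls back to default-src only when it is absent altogether.
  const sources = directives.get('connect-src') ?? directives.get('default-src');
  if (sources === undefined) return true; // no governing directive: not restricted
  const target = new URL(targetUrl);
  return sources.some((src) => {
    if (src === "'self'") return target.origin === pageOrigin;
    if (src.endsWith(':')) return target.protocol === src.toLowerCase(); // e.g. https:
    try {
      return new URL(src).origin === target.origin; // e.g. https://host
    } catch {
      return false; // 'none', other keywords, unsupported forms
    }
  });
}

const PAGE = 'https://start.jhipster.tech';
const GA = 'https://www.google-analytics.com/collect';
// Constructed "before" policy: GA scripts may load, but connections fall back to default-src.
const BEFORE = "default-src 'self'; script-src 'self' https://www.google-analytics.com";
// "After": the directive suggested in the thread, appended to the constructed policy.
const AFTER = BEFORE + "; connect-src 'self' https://www.google-analytics.com";
// Pitfall: connect-src replaces the default-src fallback, so omitting 'self' blocks same-origin XHR.
const NO_SELF = "default-src 'self'; connect-src https://www.google-analytics.com";

console.log('GA before:', connectAllowed(BEFORE, PAGE, GA));
console.log('GA after: ', connectAllowed(AFTER, PAGE, GA));
console.log('own API without self:', connectAllowed(NO_SELF, PAGE, PAGE + '/api/example'));
```

Running it with Node prints `false`, `true`, `false`; the browser console and a `Content-Security-Policy-Report-Only` header remain the authoritative check for a real deployment.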

@mraible : Yes, now what you see is what I see on my side as well. I will create a PR for that. Thanks for verifying. 👍🏽

@mraible : I've deployed a new version of jhipster-online; should be live in around 10 mins. That should solve this problem; let me know otherwise. 👍🏽