missing default contentSecurityPolicy
Closed this issue · 2 comments
vire commented
Hi, having a default EmberApp configuration:
var app = new EmberApp({
'ember-cli-foundation-sass': {
'modernizr': true,
'fastclick': true,
'foundationJs': 'all'
}
});results into:
[Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.
Wouldn't it be good to add somehove into the environment's contentSecurityPolicy necessary updates, or just put it into the README.md?
Thx
asurtih commented
I am having the same issue. What is the solution for this problem?
vire commented
@asurtih in config/environment.js of your ember-cli project, you add e.g.
ENV.contentSecurityPolicy = {
'connect-src': "'self' http://localhost:8080 http://0.0.0.0:8080",
'img-src': "'self' http://localhost:8080",
'script-src': "'self' http://localhost:8080 'unsafe-eval",
'media-src': "'self' http://localhost:8080",
'style-src': "'self' 'unsafe-inline' http://localhost:8080 http://0.0.0.0:8080"
};
and change your host:port