successible/cleanslate

Can't scan barcode due to CSP

Closed this issue · 1 comments

Happening in Safari (macOS, iOS), Chrome macOS and Firefox macOS:

Uncaught (in promise) RuntimeError: Aborted(CompileError: WebAssembly.instantiate(): Refused to compile or instantiate WebAssembly module because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' https://apis.google.com https://www.google.com https://www.gstatic.com"). Build with -s ASSERTIONS=1 for more info.
    at J (zbar.js:270:11)
    at zbar.js:773:13

There are also multiple CSP related error messages before that:

[Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (app.cleanslate.sh, line 0)
[Error] Refused to load blob:https://app.cleanslate.sh/c9c1c019-36aa-4ee3-877f-b45f8ecd8919 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (app.cleanslate.sh, line 0)
[Error] Refused to load blob:https://app.cleanslate.sh/d196d6a2-aca3-4ac3-8c73-c4b747361db0 because it does not appear in the script-src directive of the Content Security Policy.
[Error] Unable to post message to https://cleanslate.sh. Recipient has origin https://app.cleanslate.sh.

[Log] Registering the service worker at https://app.cleanslate.sh/service-worker.js (register-service-worker.js, line 19)
[Log] ServiceWorkerRegistration (_app-7af471563e27e11d.js, line 1463)
[Log] Checking for an update to the service worker... (_app-7af471563e27e11d.js, line 1463)
[Error] Refused to load blob:https://app.cleanslate.sh/4e5eb75c-e379-4c57-8c48-b400a3e7e6b1 because it does not appear in the worker-src directive of the Content Security Policy.
[Log] d4e0667 – "d4e0667" (_app-7af471563e27e11d.js, line 1463)
[Error] Blocked a frame with origin "https://app.cleanslate.sh" from accessing a frame with origin "https://clean-slate-sila-llc.firebaseapp.com". Protocols, domains, and ports must match.
	a (_app-7af471563e27e11d.js:1463:3277)

Ok, this should be fixed! You may have to clear the cache for the change to apply.