We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
I'm running ember-cli in dev on a custom domain. My /etc/hosts looks like
/etc/hosts
127.0.0.1 my-app.dev.local
Then I access my Ember app at http://my-app.dev.local:4200. Ember works fine and LiveReload works fine. But in my console, I see
http://my-app.dev.local:4200
Content Security Policy violation: { "csp-report": { "document-uri": "http://my-app.dev.local:4200/canary/authentication/sign-in", "referrer": "http://my-app.dev.local:4200/canary/authentication/sign-in", "violated-directive": "script-src 'self' 'unsafe-eval' localhost:35729 0.0.0.0:35729", "effective-directive": "script-src", "original-policy": "img-src 'self' https://secure.gravatar.com/; connect-src 'self' http://app.dev.local ws://localhost:35729 ws://0.0.0.0:35729 http://0.0.0.0:4200/csp-report; default-src 'none'; script-src 'self' 'unsafe-eval' localhost:35729 0.0.0.0:35729; font-src 'self'; style-src 'self'; media-src 'self'; report-uri http://0.0.0.0:4200/csp-report;", "blocked-uri": "http://my-app.dev.local:35729", "source-file": "http://my-app.dev.local:4200/canary/ember-cli-live-reload.js", "line-number": 6, "column-number": 43, "status-code": 200 } } Content Security Policy violation: { "csp-report": { "document-uri": "http://my-app.dev.local:4200/canary/authentication/sign-in", "referrer": "http://my-app.dev.local:4200/canary/authentication/sign-in", "violated-directive": "connect-src 'self' http://app.dev.local ws://localhost:35729 ws://0.0.0.0:35729 http://0.0.0.0:4200/csp-report", "effective-directive": "connect-src", "original-policy": "img-src 'self' https://secure.gravatar.com/; connect-src 'self' http://app.dev.local ws://localhost:35729 ws://0.0.0.0:35729 http://0.0.0.0:4200/csp-report; default-src 'none'; script-src 'self' 'unsafe-eval' localhost:35729 0.0.0.0:35729; font-src 'self'; style-src 'self'; media-src 'self'; report-uri http://0.0.0.0:4200/csp-report;", "blocked-uri": "ws://my-app.dev.local:35729", "source-file": "http://my-app.dev.local:35729", "line-number": 74, "column-number": 21, "status-code": 200 } }
The relevant portion of my config/environment.js looks like
config/environment.js
contentSecurityPolicy: { 'img-src': "'self' https://secure.gravatar.com/", 'connect-src': "'self' http://app.dev.local" },
The text was updated successfully, but these errors were encountered:
It's possible this issue belongs on https://github.com/rwjblue/ember-cli-content-security-policy -- specifically around https://github.com/rwjblue/ember-cli-content-security-policy/blob/bb9a5ce76fdb116806c209d192c8f08d384eeb24/index.js#L37-L42
Sorry, something went wrong.
No branches or pull requests
I'm running ember-cli in dev on a custom domain. My
/etc/hosts
looks likeThen I access my Ember app at
http://my-app.dev.local:4200
. Ember works fine and LiveReload works fine. But in my console, I seeThe relevant portion of my
config/environment.js
looks likeThe text was updated successfully, but these errors were encountered: