Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSP restrictions broke bull-board UI #91

Closed
vlada79 opened this issue Mar 24, 2020 · 4 comments · Fixed by #149
Closed

CSP restrictions broke bull-board UI #91

vlada79 opened this issue Mar 24, 2020 · 4 comments · Fixed by #149
Assignees
@vcapretz
Labels
bug Something isn't working enhancement New feature or request

Comments

@vlada79
Copy link

vlada79 commented Mar 24, 2020
edited
Loading

Due to CSP browser restrictions UI is not working any more in Chrome/FF. Please use window.location.pathname instead of passing basePath via window object (this would allow us to skip inlined <script> tag).
@vlada79
Copy link
Author

vlada79 commented Mar 24, 2020

Here is the exact error message I got:

Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self' data:". Either the 'unsafe-inline' keyword, a hash ('sha256-JQ8P/kftdTOmqTk22YgMnj13Xuwy9oFjpQGrD1RF8ZE='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

@vcapretz
Copy link
Contributor

Hey, sorry for the delay! great catch 😄

I'll take a look into this, the suggested fix would indeed make the code a bit simpler

@vcapretz vcapretz self-assigned this Apr 24, 2020
@vcapretz vcapretz added enhancement New feature or request bug Something isn't working labels Apr 24, 2020
@gabrielstuff
Copy link

Hello @vlada79 we run bull-board without issues. Could you tell us the context where you met this issue ?

Thanks

@kevinlangleyjr
Copy link

I ran into the same issue when using helmet with my app and bull-board is just one of the routes that the middleware is applied to.

@felixmosh felixmosh mentioned this issue Nov 3, 2020
Merged
felixmosh added a commit that referenced this issue Nov 5, 2020
@felixmosh
Read base path from <base>, removes the inline scripts, fixes #91 #130 (
cbc3830 
#149)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vcapretz vcapretz

Labels
bug Something isn't working enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Read base path from <base>, removes the inline scripts
4 participants
@gabrielstuff @vlada79 @kevinlangleyjr @vcapretz