After many different tries and approaches, I managed to successfully load a third party library to use in my plugin.
The library is located under
In my controller, I am able to successfully load the script via:
On some occasions in that file, the library creates Blobs and assigns them to variables that are being used. E.g.
And whenever I try to use the library in my plugin code, I get:
Refused to load the script 'blob:http://localhost:4200/f33a6788-a853-4286-883a-48cb8e2c9cc1' because it violates the following Content Security Policy directive: "script-src http://localhost:4200/assets/ etc etc...
What would be the best way to work around this?
Thank you for any help and pointers!
What if you just add
http://localhost:4200 to the CSP?
I’ve actually tried that, and it didn’t change anything
Tried that as well, but that’s an invalid statement for a CSP
For anyone stumbling upon this, the correct line to add to to csp script src is
Wait! You don’t need to implement CSP in development, you are not at risk from attackers?
It will also block some developer tools potentially.
Just turn this setting OFF:
I would delay this headache until you have a working plugin testing on a production staging server.
I was indeed in the phase of getting it ready for production, so this was the last headache to be resolved. And besides, I don’t like to delay these things, especially when I need to find out if they could be a potential deal breaker and I need to find another avenue altogether
Yes but you should be working on the CSP config on the production staging server that has a real internet address.
Localhost is not an internet address! It’s not even https …
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.