ember-cli yelling can't load script because it violates csp though I followed the docs on this repo about ember-cli-content-security-policy HOT 6 CLOSED

I have the same issue with Ember-fire:

[Report Only] Refused to load the script 'https://cdn.firebase.com/js/client/2.0.5/firebase.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' localhost:35729 0.0.0.0:35729".

[Report Only] Refused to load the script 'https://cdn.firebase.com/libs/emberfire/1.3.1/emberfire.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' localhost:35729 0.0.0.0:35729".

from ember-cli-content-security-policy.

@mankind I believe the problem is that you're using an URL instead of just the scheme plus the FQDN.

https://api.stripe.com/v1 should really be https://api.stripe.com

Take a look at this: http://content-security-policy.com/#source_list

Hope this helps

@JDillon522 could you post the relevant portion of your config/environment.js, please?

from ember-cli-content-security-policy.

I eventually got it working by doing:

contentSecurityPolicy: {
    'default-src': "'none'",
    'script-src': "'self' 'unsafe-eval' https://cdn.firebase.com/ ",
    'font-src': "'self'",
    'connect-src': "'self'",
    'img-src': "'self'",
    'style-src': "'self'",
    'media-src': "'self'"
  }

Sadly for this thread, I ended up totally rebooting that project and going about things a different way. So I cant offer much else.

from ember-cli-content-security-policy.

@JDillon522 that looks like the correct approach, though.

from ember-cli-content-security-policy.

solution here for anyone who finds this: FirebaseExtended/emberfire#175

from ember-cli-content-security-policy.

I think this issue can be closed. @mankind do you mind closing?

from ember-cli-content-security-policy.