I am trying to upload my vuejs app to heroku and it wasn't wprking so I used this tutorial. I added the tag below to the head of my index.html
<meta http-equiv="Content-Security-Policy" content="default-src 'self' http://localhost:5000 'unsafe-inline' 'unsafe-eval'; script-src 'self' http://localhost:5000 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval'; media-src *">
And it still doesn't work. I get the error below in my console:
Refused to load the image 'data:image/svg+xml;base64,_IMAGE_DATA' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
How do I resolve this please?
I've checked other cordova related answers on stack overflow but none of them seem to work for me.
Let's try this way.
Have you used the url-loader in Webpack?
If the answer is Yes, it's will work when you remove the code that looks like:
module: {
rules: [
{// remove the block
test: /\.(png|jpe?g|gif|svg)(\?.*)?$/,
loader: 'url-loader',
options: {
limit: 10000,
name: utils.assetsPath('img/[name].[hash:7].[ext]')
}
},
]
}
It's will not refer the image use base64 when use file-loader to replace url-loader.
Related
I'm hosting my App on an EC2-instance behind an Elastic Load Balancer which manages my SSL-Certificate. On this EC2-Instance my nginx-configuration is redirecting all http-Requests to https.
I recently switched to Vite which caused me a lot of trouble. When I push my app to the server after calling npm run build my assets are blocked. In the browser console I get:
Mixed Content: The page at 'example.com' was loaded over HTTPS, but requested an insecure ...
My Setup:
vite.config.js
export default defineConfig({
server: {
host: 'localhost',
},
plugins: [
laravel([
'resources/assets/sass/app.sass',
// etc...
]),
vue({
template: {
transformAssetUrls: {
base: null,
includeAbsolute: false,
},
},
}),
],
});
Setting "https: true" in the server-block didn't help me.
.env
APP_ENV=production
APP_URL=https://example.com
ASSET_URL=https://example.com
In my blade template I'm using the Vite-directive:
#vite('resources/assets/sass/app.sass')
I tried the following solutions:
Setting $proxies = '*' in TrustProxies.php, which doesn't have any effect.
Setting URL::forceScheme('https'); in AppServiceProvider.php, which will load the assets but lead to a lot of other issues.
Somehow the #vite-directive is not resolving my assets as secure assets. With Laravel Mix I could just call secure_asset.
How can I fix this?
In the end I used the TrustedProxies-middleware. However back then I forgot to register it as global middleware.
import fs from 'fs';
const host = 'example.com';
server: {
host,
hmr: {host},
https: {
key: fs.readFileSync(`ssl-path`),
cert: fs.readFileSync(`ssl-cert-path`),
},
},
you should add this to vite.config.js file along with ASSET_URL to your .env file
This does not appear to break anything that I can see but when I dismiss an Infobar the below is logged.
week:1
Refused to run the JavaScript URL because it violates the following Content Security Policy directive: "script-src 'nonce-aBqgvw/jWGVEtnMFOtR0XQ==' *.res.office365.com *.fluidpreview.office.net *.cdn.office.net wss://*.delve.office.com:443 shellprod.msocdn.com amcdn.msauth.net amcdn.msftauth.net *.bing.com *.skype.com *.skypeassets.com *.delve.office.com *.cdn.office.net static.teams.microsoft.com *.googleapis.com teams.microsoft.com cdn.forms.office.net blob: 'report-sample' 'self' 'wasm-unsafe-eval' *.yammer.com". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
owa.Addins.js:2
Uncaught (in promise) TypeError: Cannot read properties of undefined (reading 'toString')
at owa.Addins.js:2:961463
at Array.filter (<anonymous>)
at _e (owa.Addins.js:2:961438)
at $e (owa.Addins.js:2:92056)
at owa.Addins.js:2:92197
at u (owa.ven.extframework.js:2:245162)
at m (owa.74191.js:1:5364)
at Ln (owa.ven.extframework.js:2:73851)
at l (owa.ven.extframework.js:2:245026)
at a (owa.ven.extframework.js:2:243749)
Sample code that generated the Infobar:
Office.context.mailbox.item.notificationMessages.replaceAsync(
"status",
{
type: Office.MailboxEnums.ItemNotificationMessageType.ErrorMessage,
message: "Test error message",
},
I try to set vue-cli with scss, but everythin what I found is one huge mess. I added scss-loader, css-loader and style-loader. I created some style.scss and import it in my main.js file:
webpack.base.conf:
...
module: {
rules: [
...
{
test: /\.s[ac]ss$/i,
use: [
'style-loader',
'css-loader',
'sass-loader',
],
},
...
and in main.js just
import './style.scss';
Nothing special, but then I got an error:
Refused to load the image 'http://localhost:8080/favicon.ico' because
it violates the following Content Security Policy directive:
"default-src 'none'". Note that 'img-src' was not explicitly set, so
'default-src' is used as a fallback.
I never ever before got something like that. I tried add:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *;**script-src 'self' http://onlineerp.solution.quebec 'unsafe-inline' 'unsafe-eval';** ">
as some solutions say, but it give me nothing. What strange, It occured after I add this few loaders. So my guestions:
1. what it is (Content Security Policy), and why it occure, expecially why it occure after I add css-loader, style-loader and scss-loader
2. what I'm doing wrong? I really don't know what I doing wrond and how to fix it
3. I so, that I can no use Content Security Policy, but how to disable it?
Can someone guide me how to configure generator-webapp to use HTTPS instead of HTTP.
Tried https option and specified key files but somehow I made something wrong.
Thanks.
Figured it out by myself. All that needs to be done was to add https. The rest will be handled by browserSync. It also assigns a self-signed certificate.
browserSync: {
options: {
notify: false,
background: true,
watchOptions: {
ignored: ''
},
https: {
key: '',
cert: ''
}
},
I am using Karma (v0.12.37) as test runner along with JSPM (v0.16.2). I have added following proxy config in karma so as to allow proper loading of JSPM files:
proxies: {
'/base/jspm_packages/': '/base/app/jspm_packages/'
}
Bu this doesn't work out and fails on following:
PhantomJS 2.0.0 (Windows 8 0.0.0) ERROR: 'Potentially unhandled rejection [10] Error: XHR error loading http://localhost:9876/base/jspm_packages/npm/babel-core#5.8.22.js
Error loading http://localhost:9876/base/jspm_packages/npm/babel-core#5.8.22.js
Error loading http://localhost:9876/base/app/pages/examples/todo-example/todo.controller.test.js'
Debug Logs are giving:
proxying request - /base/jspm_packages/npm/babel-core#5.8.22.js to localhost:9876
/base/app/jspm_packages/npm/babel-core#5.8.22.js { host: 'localhost',
port: 9876,
baseProxyUrl: '/base/app/jspm_packages/',
https: false }
But the following url containing 'app' in it works properly:
http ://localhost:9876/base/ app/ jspm_packages/npm/babel-core#5.8.22.js
Any clue on what is going wrong?
Try:
proxies: {
'/app/': '/base/app/',
'/jspm_packages/': '/base/jspm_packages/'
}
If you have configured your jspm-config with a baseUrl of "/", try removing the baseUrl entry since karma-jspm does not support a custom baseUrl. Then you should be able to get rid of the "proxies" entry for the jspm_packages.
See: https://github.com/Workiva/karma-jspm/issues/91
After having done lot of trial and error, found out the following way:
Instead of playing with proxies, alter the jspm paths config in karma.config.js
jspm: {
...
paths: {
"github:*": "app/jspm_packages/github/*",
"npm:*": "app/jspm_packages/npm/*",
'app/*': 'app/*.js'
},
...
},
What finally did the trick for me (karma, babel, JSPM/SystemJS) was to have this:
Remove baseUrl from the karma.conf.js and have this jspm section:
jspm: {
config: 'config.js',
loadFiles: [
'www/**/*.spec.js'
],
serveFiles: [
'www/**/!(*spec).js'
],
paths: {
"github:*": "/base/jspm_packages/github/*",
"npm:*": "/base/jspm_packages/npm/*",
'www/*': '/base/www/*'
}
},