You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If I open the examples on a simple local python http dev server, everything works as expected.
But when I upload the repo examples to my server I get the following error:
Chrome 84:
foa-renderer.html:123 EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' http: https: data: blob: 'unsafe-inline'".
at new Function (<anonymous>)
at new O (omnitone.min.js:17)
at z._initializeCallback (omnitone.min.js:17)
at new Promise (<anonymous>)
at z.initialize (omnitone.min.js:17)
at onLoad (foa-renderer.html:116)
Firefox 78.0.2:
EvalError: call to Function() blocked by CSP
O https://players.aplattform.net/build/omnitone.min.js:17
_initializeCallback https://players.aplattform.net/build/omnitone.min.js:17
initialize https://players.aplattform.net/build/omnitone.min.js:17
onLoad https://players.aplattform.net/foa-renderer.html:116
foa-renderer.html:123:17
Content Security Policy: Die Einstellungen der Seite haben das Laden einer Ressource auf eval blockiert ("default-src").
If I disable the header line in nginx add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always; the error disappears. This is a security concern, I think.
Can you confirm?
The text was updated successfully, but these errors were encountered:
Thank you for your amazing work!
If I open the examples on a simple local python http dev server, everything works as expected.
But when I upload the repo examples to my server I get the following error:
Chrome 84:
Firefox 78.0.2:
If I disable the header line in nginx
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;the error disappears. This is a security concern, I think.Can you confirm?
The text was updated successfully, but these errors were encountered: