Content Security Policy

[michaellouieloria]

I think you should add in the readme the proper entries for the content security policy because it's causing some errors.

https://atmospherejs.com/meteor/browser-policy package can set the security policies

Sample error message
Refused to execute inline script because it violates the following Content Security Policy

Fix (add in server)
BrowserPolicy.content.allowInlineScripts();
BrowserPolicy.content.allowOriginForAll('.disquscdn.com');
BrowserPolicy.content.allowOriginForAll('.disqus.com');
BrowserPolicy.content.allowOriginForAll('*.google-analytics.com');

[dvzrd]

Hey, so how did you get browser policy to work with this package?

I'm getting this error every time even though I added the fixes you recommended.

 Refused to load the script 'http://undefined.disqus.com/embed.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' http://.disquscdn.com https://.disquscdn.com http://.disqus.com https://.disqus.com http://*.google-analytics.com https://*.google-analytics.com http://fonts.googleapis.com http://fonts.gstatic.com".

Appreciate any help on this, thanks.

[michaellouieloria]

try adding the other links like

BrowserPolicy.content.allowOriginForAll('.gstatic.com');
BrowserPolicy.content.allowOriginForAll('.googleapis.com');