My locale NUXT JavaScript files are being blocked by Content Security Policy

I've been working on implementing CSP headers for my website to ensure data is loaded from trusted sources.

However, I'm facing an issue where CSP is blocking my local JS files. Here's a snippet from my nuxt.config.js:

const self = 'localhost:*'
render: {
    csp: {
        reportOnly:false,
        addMeta: true,
        policies: {
            'default-src': [self],
            'script-src': [self, 'unsafe-inline','strict-dynamic'],
            'style-src': [self,'unsafe-inline'],
            'img-src':[self,'data:'],
            'object-src':[self,'self']
        }
    }
},

The following files are being blocked:

http://localhost:3500/_nuxt/runtime.js
http://localhost:3500/_nuxt/layouts/default.js
http://localhost:3500/_nuxt/pages/index.js
http://localhost:3500/_nuxt/commons/app.js
http://localhost:3500/_nuxt/vendors/app.js
http://localhost:3500/_nuxt/app.js

The error message reads:

Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'sha256-6SIdoCBgtiLdpIihMzGUvd5OCiaDdcIHhB8Tzkn9l8M='". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

To delve deeper into this issue, I recommend checking the header request in the network tab for more insights. It's strange how sometimes it loads the same JS file and other times throws an error...

https://i.stack.imgur.com/n6tNZ.png

javascriptvue.jssecuritynuxt.js

Answer №1

Referencing examples from mdn documentation below might help in solving your issue. For more detailed examples, please visit here

Example 1

If a web site administrator wants all content to come from the site's own origin (excluding subdomains), they can use:

Content-Security-Policy: default-src 'self'

Example 2

To allow content from a trusted domain and its subdomains (not necessarily the same domain as the CSP is set on), an administrator can use:

Content-Security-Policy: default-src 'self' trusted.com *.trusted.com

Example 3

In case a web site administrator aims to enable users of a web application to include images from any origin in their content, while restricting audio or video media to trusted providers, and scripts only to a specific server hosting trusted code, they can implement:

Content-Security-Policy: default-src 'self'; img-src *; media-src media1.com media2.com; script-src userscripts.example.com

This setup allows content only from the document's origin by default, with certain exceptions such as allowing images from any source, limiting media to specified domains, and permitting scripts from a designated server.

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

Trouble Loading TypeScript Class in Cast Situation

I've encountered an issue with my TypeScript model while using it in a cast. The model does not load properly when the application is running, preventing me from accessing any functions within it. Model export class DataIDElement extends HTMLElement ...

javascriptangularjstypescript

Endless cycle occurs when an asynchronous action is dispatched within useEffect

I encountered a never-ending loop problem when I added a dispatch function in my code within the useEffect hook. Despite looking into similar issues raised by others, I still can't seem to figure out the root cause of the problem. Here is how my compo ...

javascriptreactjsuse-effect

Click the button to save the text to your clipboard with a customized

Can anyone suggest a method for duplicating div text using JavaScript while preserving the style attributes (italics, font family, size, etc.)? My goal is to paste the copied text into Word and have it maintain the same appearance as on the webpage. For e ...

javascripthtml

bootstrap modal dialog displayed on the edge of the webpage

I am facing an issue with a modal dialog that pops up when clicking on a thumbnail. The JavaScript code I used, which was sourced online, integrates a basic Bootstrap grid layout. The problem arises when half of the popup extends beyond the edge of the pa ...

javascripthtmlcsstwitter-bootstrapmodal-dialog

Unable to dispatch actions within the mounted lifecycle hook in Vuex?

Can anyone explain why the json data I fetch with axios is not populating my state.pages as expected? Interestingly, when I make a change to the file and vite reloads, the data appears on the page. However, it disappears again upon refreshing the browser. ...

javascriptvue.jsvuexvuejs3

What is the most effective way to retrieve 'this' within an object method that is being used as a callback function?

I am currently working on a word game project to enhance my understanding of JavaScript, especially since I am new to it. To facilitate user interaction, I am utilizing the NPM package prompt (https://www.npmjs.com/package/prompt). Coming from an OOP back ...

javascriptnode.jscallbackthis

dividing an HTML string into individual variables using JavaScript

How can a string be split in pure JavaScript (without using JQuery/dojo/etc) in the most efficient and straightforward way? For example: var tempString = '<span id="35287845" class="smallIcon" title="time clock" style="color:blue;font-size:14px;" ...

javascripthtml

AngularJS and adding to an array in the routing process

I'm currently working on creating a contact list with two different views. One view displays all the contacts and includes an option to add a new contact, which is represented by a button rather than a space to input information directly. The other vi ...

javascriptangularjsangular-ui-router

Personalize the Facebook like button to suit your preferences

I have posted my code on jsfiddle. You can find the link here: http://jsfiddle.net/QWAYE/1/. I have also included another sample code in this link: http://jsfiddle.net/MCb5K/. The first link is functioning correctly for me, but I want to achieve the same a ...

javascriptfacebook-like

The DOM element fails to load when utilizing the ng-view attribute

Recently, I have started working with AngularJS for my first web application and everything is running smoothly. However, I am now looking to integrate some charts using jQuery. The issue arises when trying to load a chart upon clicking on a menu item in ...

javascriptjqueryangularjs

The continuation of unraveling the mystery of utilizing `overflow-y:scroll` in a horizontal slider

As a beginner, I realized too late that adding code in comments is not an option. Consequently, I decided to create a new question and ask for your assistance once again. To optimize the use of space, I have implemented bxSlider with fixed dimensions (wid ...

javascriptjqueryhtmlcss

Encountering an issue while executing grunt-contrib-imagemin

Encountering a permissions issue while attempting to execute the grunt-contrib-imagemin script. The installation of grunt-contrib-imagemin was done as follows: npm install --save-dev grunt-contrib-imagemin Node and npm are both installed in my local user ...

javascriptgruntjsnpmimagemin

The value returned by $(this).next() is undefined

I'm struggling to implement jQuery functionality to toggle the display of a div, but I am encountering an issue where my jQuery code is unable to select it. Every time I try, it returns undefined. Can anyone provide assistance? $(document).on(&apos ...

javascriptjqueryhtml

Capture a snapshot of a webpage that includes an embedded iframe

Currently, we have a nodeJS/angular 4 website that contains an iframe from a third party (powerBI Emebdded). Our goal is to develop a feature that allows the end user to capture a screenshot of the entire page, including the content within the iframe. We ...

javascripthtmlnode.jsangulardom

How to dynamically change the color of a button in a list in Vue.js when it is clicked

I am working on a dynamic list of buttons that are populated using an array of objects: <div class="form-inline" v-for="(genre, index) in genreArray" :key="index" > ...

javascripthtmlcssvue.jsobject

Looking to implement pagination in Vue.js - what steps should I take?

Hi there, I'm currently facing an issue while trying to paginate my data. The error message in my console reads: Property or method "$index" is not defined on the instance but referenced during render. Below is my HTML template where I display the da ...

javascriptvue.js

What causes the picturesArray to remain consistently void?

const fetch = require("node-fetch"); let images = []; fetch('http://www.vorohome.com//images/assets/159314_887955.png') .then(response => response.buffer()) .then(buffer => { const data = "data:" + response.headers.get ...

javascriptnode.jsecmascript-6

What steps can I take to improve this code and prevent the error "Property 'patient' does not exist on type 'Request<ParamsDictionary>'" from occurring?

I'm having some issues with my code. I am attempting to use passport authenticate in order to save patient information that is specific to the token generated for each individual. router.get("/current", passport.authenticate("jwt", { session: false }) ...

javascriptnode.jstypescriptexpressrouter

In the Nuxt.js async method, there is an error stating that the property 'info' does not exist on the type 'Vue'

I'm currently working on storing an API response in the async method of my Nuxt js application within a variable called info. However, I keep encountering this error message: Property 'info' does not exist on type 'Vue'. Interestin ...

vue.jsvuejs2nuxt.js

In the realm of jQuery, erasing dynamically generated elements across multiple elements sharing the same index is a task

Currently, I am enhancing the select box dropdown and list of new fonts by adding custom font names. In addition to this, I also want to incorporate a feature for deleting fonts. For instance, when I delete font A from the list (which is currently functio ...

javascriptjquery