ember.js - Configure CSP in an Ember CLI application which uses http-mock -

-

i'm using http-mock ember cli suggested on http://www.ember-cli.com/#ember-data. understand basic concept of csp don't understand configuration of within ember cli application.

how can configure application either accept requests localhost:4200/api/ avoid during development:

content security policy violation: {     "csp-report": {         "document-uri":"http://localhost:4200/products",         "referrer":"",         "violated-directive":"style-src 'self'",         "effective-directive":"style-src",         "original-policy":"default-src 'none'; script-src 'self' 'unsafe-eval' localhost:35729 0.0.0.0:35729; font-src 'self'; connect-src 'self' ws://localhost:35729 ws://0.0.0.0:35729 http://0.0.0.0:4200/csp-report; img-src 'self'; style-src 'self'; media-src 'self'; report-uri http://0.0.0.0:4200/csp-report;",         "blocked-uri":"",         "source-file":"chrome-extension://alelhddbbhepgpmgidjdcjakblofbmce",         "line-number":1,"column-number":20481,"status-code":200     } }

you can adjust content security policy editing config/environment.js. believe in case, connect-src relevant error being thrown (edit: looks style-src being violated, possibly chrome extension awesome screenshot). adding * allow connect anything.

var env = {    ...    contentsecuritypolicy: {     'default-src': "'none'",     'script-src': "'self'",     'font-src': "'self'",     'connect-src': "'self' *",     'img-src': "'self'",     'style-src': "'self' *",     'media-src': "'self'"   } }

or more specifically, add:

... 'connect-src': "'self' 'localhost:4200'", ...

furthermore, if wanted add dev environment, put in:

if (environment === 'development') {   env.contentsecuritypolicy = {     ...(policies)...   } }

more information available csp in ember-cli: https://www.npmjs.com/package/ember-cli-content-security-policy.

more information csp in general: http://content-security-policy.com/


Comments

Post a Comment

Popular posts from this blog

angularjs - Showing an empty as first option in select tag -

-
my app showing empty select field first entry. have read other solution given , tried still not working. my controller code is: .controller('usercreatecontroller', function(user,profile,auth) { alert("hello"); var vm = this; vm.type = 'create'; profile.all() //this service fetch profiles shown in select field .success(function(data){ vm.profile = data; }); vm.userdata.profile = vm.profile[0]; //here have set default value select field and html page is: <label class="col-sm-2 control-label">profile</label> <div class="col-sm-8"> <select ng-model="user.userdata.profile" ng-options="person._id person.profilename person in user.profile"> </select> </div> hierarchy of vm.profile { "_id": 46, "profile": objectid("5516498e95b84548156db754"), "isactive": true, "password": "$2...
Read more

c++ - Print Preview in Qt -

-
i want preview page or want have print preview. preview window opening contents of qt window not comming in it. code print preview follows: void user::on_actionprintpreview_triggered() { qprinter printer(qprinter::highresolution); qprintpreviewdialog preview(&printer, this); connect(&preview, signal(paintrequested(qprinter *)), this, slot(print(qprinter *))); preview.exec(); } void user::print(qprinter *printer) { // print page qpainter painter(printer); int w = printer->pagerect().width(); int h = printer->pagerect().height(); qrect page(0, 0, w, h); qfont font = painter.font(); font.setpixelsize((w+h)/100); painter.setfont(font); painter.drawtext(page, qt::alignbottom | qt::alignright, qdatetime::currentdatetime(). tostring(qt::defaultlocaleshortdate)); page.adjust(w/20, h/20, -w/20, -h/20); } how can content of qt window in it. doing wrong. please m...
Read more

JavaScript function that prevents YouTube video playing at the same time (No iframe) -

-
just clarify, aware of youtube playback control required: player.pausevideo():void but know how can utilise without using iframe , javascript function needed, have multiple videos choose , want avoid videos playing @ same time. i have inserted videos youtube using code: <div id="apdiv10"><embed width="200" height="140" id="yt9" src="https://www.youtube.com/v/a2p17bdrgqu"></div> <div id="apdiv11"><embed width="200" height="140" id="yt10" src="https://www.youtube.com/v/membfbz_9we"></div> can provide run down me , how can apply function?
Read more