If I open the examples on a simple local python http dev server, everything works as expected.
But when I upload the repo examples to my server I get the following error:
Chrome 84:
foa-renderer.html:123 EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' http: https: data: blob: 'unsafe-inline'".
at new Function (<anonymous>)
at new O (omnitone.min.js:17)
at z._initializeCallback (omnitone.min.js:17)
at new Promise (<anonymous>)
at z.initialize (omnitone.min.js:17)
at onLoad (foa-renderer.html:116)
Firefox 78.0.2:
EvalError: call to Function() blocked by CSP
O https://players.aplattform.net/build/omnitone.min.js:17
_initializeCallback https://players.aplattform.net/build/omnitone.min.js:17
initialize https://players.aplattform.net/build/omnitone.min.js:17
onLoad https://players.aplattform.net/foa-renderer.html:116
foa-renderer.html:123:17
Content Security Policy: Die Einstellungen der Seite haben das Laden einer Ressource auf eval blockiert ("default-src").
If I disable the header line in nginx add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always; the error disappears. This is a security concern, I think.
Thank you for your amazing work!
If I open the examples on a simple local python http dev server, everything works as expected.
But when I upload the repo examples to my server I get the following error:
Chrome 84:
Firefox 78.0.2:
If I disable the header line in nginx
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
the error disappears. This is a security concern, I think.Can you confirm?