MiniProfiler / rack-mini-profiler

Profiler for your development and production Ruby rack apps.
MIT License

Refused to load the script #485

SufyanIqbal1622 closed 3 years ago

SufyanIqbal1622 commented 3 years ago

Content Security Policy: The page’s settings blocked the loading of a resource at http://localhost:3000/mini-profiler-resources/includes.js?v=644e88e41aaa4b3ea7e36f7c445b7bfd (“script-src”).

Code47X commented 3 years ago

Running into this on fresh rails projects. Also looking for a solution.

CalvinWalzel commented 3 years ago

I'm not familiar with content security policies, but setting them up like this made it work for me with a fresh rails project:

Rails.application.config.content_security_policy do |policy|
  # These are some sane defaults
  policy.default_src :self, :https
  policy.font_src    :self, :https, :data
  policy.img_src     :self, :https, :data
  policy.object_src  :none
  policy.script_src  :self, :https
  policy.style_src   :self, :https

  # This fixes rack mini profiler
  policy.script_src_elem :self, :unsafe_inline if Rails.env.development?
  policy.style_src_elem  :self, :unsafe_inline if Rails.env.development?
  policy.connect_src *policy.connect_src, :self if Rails.env.development?
end

They can be found in config/initializers/content_security_policy.rb
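
A way to check that the `:unsafe_inline` relaxation in the initializer above stays confined to development, as an added example that is not part of the original thread or of rack-mini-profiler: it parses a Content-Security-Policy header and reports which element directives allow inline content, following the CSP fallback from `script-src-elem` to `script-src` to `default-src`. The two header strings are constructed to mirror the initializer's directives, and all function and constant names are hypothetical.

```ruby
# Added example (not from the thread): report where a CSP header allows inline content.
# CSP Level 3 fallback chains for the two element directives the initializer sets.
FALLBACK = {
  "script-src-elem" => %w[script-src-elem script-src default-src],
  "style-src-elem"  => %w[style-src-elem style-src default-src]
}.freeze

# Parse "name src src; name src" into { "name" => ["src", ...] }.
def parse_csp(header)
  header.split(";").each_with_object({}) do |part, out|
    name, *sources = part.strip.split(/\s+/)
    next if name.nil?
    out[name.downcase] ||= sources # a repeated directive is ignored; the first one wins
  end
end

# Source list that governs the directive, or nil when nothing in its chain is set.
def effective_sources(policy, directive)
  key = FALLBACK.fetch(directive).find { |d| policy.key?(d) }
  key && policy[key]
end

def inline_allowed?(policy, directive)
  sources = effective_sources(policy, directive)
  return true if sources.nil? # no governing directive means no restriction
  lowered = sources.map(&:downcase)
  return false unless lowered.include?("'unsafe-inline'")
  # Browsers ignore 'unsafe-inline' when a nonce or hash source is also present.
  lowered.none? { |s| s.match?(/\A'(nonce|sha256|sha384|sha512)-/) }
end

# Names of the element directives under which inline script/style would run.
def audit(header)
  policy = parse_csp(header)
  FALLBACK.keys.select { |d| inline_allowed?(policy, d) }
end

# Constructed headers mirroring the initializer above, with and without the development lines.
BASE = "default-src 'self' https:; font-src 'self' https: data:; " \
       "img-src 'self' https: data:; object-src 'none'; " \
       "script-src 'self' https:; style-src 'self' https:"
DEV_HEADER  = "#{BASE}; script-src-elem 'self' 'unsafe-inline'; " \
              "style-src-elem 'self' 'unsafe-inline'; connect-src 'self'"
PROD_HEADER = BASE

puts "development: #{audit(DEV_HEADER).inspect}"
puts "production:  #{audit(PROD_HEADER).inspect}"
```

Running `audit` against the header a production or staging deployment actually returns gives an empty list when the `Rails.env.development?` guards are doing their job.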

Code47X commented 3 years ago

That did the trick, thanks @CalvinWalzel

SufyanIqbal1622 commented 3 years ago

Thanks @CalvinWalzel