search

abuiles / ember-cli-101-errata

18 stars 4 forks source link

Violation of "Content Security Policy directive" (Chrome) #166

Open stefanbruvik opened 9 years ago

stefanbruvik commented 9 years ago

The Bill Murray image loads, but gives the following error in the console in Chrome:

[Report Only] Refused to load the image 'http://www.fillmurray.com/300/300' because it violates the following Content Security Policy directive: "img-src 'self'".
thijsvdanker commented 9 years ago

If you add

contentSecurityPolicy: {
      'default-src': "'none'",
      'script-src': "'self'",
      'font-src': "'self'",
      'connect-src': "'self'",
      'img-src': "'self' http://www.fillmurray.com",
      'style-src': "'self'",
      'media-src': "'self'"
    },

to your config/environment.js file like this: https://gist.github.com/thijsvdanker/65971d6b1fb94c48e804 Then the error goes away.