acdh-oeaw / apis-instance-nomansland-dev


Cannot create new relations #14

Open gythaogg opened 1 week ago

gythaogg commented 1 week ago

Popups blocked by this JS error

Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com ajax.googleapis.com cdn.rawgit.com *.acdh.oeaw.ac.at unpkg.com fonts.gstatic.com cdn.datatables.net code.highcharts.com *.acdh-dev.oeaw.ac.at *.acdh.oeaw.ac.at openstreetmap.org *.openstreetmap.org".

    at new Function (<anonymous>)
    at htmx.org@1.9.10:1:24672
    at Tr (htmx.org@1.9.10:1:35877)
    at HTMLAnchorElement.a (htmx.org@1.9.10:1:24647)
(anonymous) @ htmx.org@1.9.10:1
Tr @ htmx.org@1.9.10:1
a @ htmx.org@1.9.10:1

This didn't happen when using apis-core v 0.27.0

b1rger commented 1 week ago

This was apparently introduced in acdh-oeaw/apis-core-rdf@a2e80fad3fcfc2903067a072de13af4d0406b

gythaogg commented 1 week ago

> This was apparently introduced in acdh-oeaw/apis-core-rdf@a2e80fa

Thanks! Still a bit clueless on what it's complaining about though - because the bug isn't there in the discworld instance.

Should I create an issue in core?

b1rger commented 6 days ago

Okay, long debugging session later: as the error message says, the problem is CSP, which is enabled in our default settings, but which is not enabled in the discworld sample project. Apparently I only tested this commit with the sample project. For now it helps to add 'unsafe-eval' to the CSP_DEFAULT_SRC, but we should try to find a better fix. Therefore I suggest only doing this in the projects and not in the default settings.

> Should I create an issue in core?

Yes, that would be great
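
Added example, not part of the issue thread or of the APIS code: a small Python check of whether a Content-Security-Policy header lets the browser compile strings as code (`eval`, `new Function`), which is the check behind the EvalError reported above. The policy string is copied from that error message; the helper names `parse_csp`, `eval_directive` and `eval_allowed` and the two extra headers are constructed for this illustration.

```python
# Policy copied from the EvalError message in this issue.
PAGE_POLICY = (
    "default-src 'self' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net "
    "fonts.googleapis.com ajax.googleapis.com cdn.rawgit.com *.acdh.oeaw.ac.at "
    "unpkg.com fonts.gstatic.com cdn.datatables.net code.highcharts.com "
    "*.acdh-dev.oeaw.ac.at *.acdh.oeaw.ac.at openstreetmap.org *.openstreetmap.org"
)


def parse_csp(policy):
    """Map directive name -> source list; a repeated directive is ignored."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def eval_directive(directives):
    """eval()/new Function are checked against script-src, else default-src."""
    for name in ("script-src", "default-src"):
        if name in directives:
            return name
    return None


def eval_allowed(header):
    """A header may hold several comma-separated policies; each must allow eval."""
    for policy in header.split(","):
        directives = parse_csp(policy)
        name = eval_directive(directives)
        if name is None:
            continue  # this policy does not restrict scripts at all
        if not any(s.lower() == "'unsafe-eval'" for s in directives[name]):
            return False
    return True


if __name__ == "__main__":
    cases = {  # the last two headers are constructed for illustration
        "policy from the issue": PAGE_POLICY,
        "with the project-level workaround": PAGE_POLICY + " 'unsafe-eval'",
        "workaround shadowed by script-src": PAGE_POLICY + " 'unsafe-eval'; script-src 'self'",
    }
    for label, header in cases.items():
        print(f"{label}: eval allowed = {eval_allowed(header)}")
```

The third case shows why a project that later adds its own `script-src` would see the error return: once `script-src` is present, `'unsafe-eval'` in `default-src` no longer applies to scripts.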

gythaogg commented 4 days ago

Close this issue after upgrading to core that contains fix