aws-samples / amazon-cloudfront-secure-static-site

Create a secure static website with CloudFront for your registered domain.
Apache License 2.0

Getting error while deploying React app #52

Closed bannarisoftwares closed 2 years ago

bannarisoftwares commented 2 years ago

Getting this error while deploying React app

Refused to load the script 'https://cdnjs.cloudflare.com/ajax/libs/react-dom/17.0.2/umd/react-dom.production.min.js' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

ConnorKirk commented 2 years ago

Hi @bannarisoftwares, thanks for opening an issue.

The default content security policy of the sample will block external scripts from being run by the browser. This is why you have received this error.

The content security policy is added by a CloudFront response headers policy included in the template. You can update this policy in https://github.com/aws-samples/amazon-cloudfront-secure-static-site/blob/77d1971b6f1a22ef0bb5f5df5550ca507f727672/templates/cloudfront-site.yaml#L146

Specifically, I think you will need to add a new entry to the script-src or script-src-elem directive.

Atticus29 commented 2 years ago

Hi, Connor! Could this person do something like: ContentSecurityPolicy: "default-src 'none'; img-src 'self'; script-src 'self' https://cdnjs.cloudflare.com; style-src 'self'; object-src 'none'"

or, do you think that they should include the entire URL like: ContentSecurityPolicy: "default-src 'none'; img-src 'self'; script-src 'self' https://cdnjs.cloudflare.com/ajax/libs/react-dom/17.0.2/umd/react-dom.production.min.js; style-src 'self'; object-src 'none'"

? Thanks!

ConnorKirk commented 2 years ago

This page shows examples of allowed values.

Only the domain is specified in a Content Security Policy, rather than a whole URL (including the path). So in your example, script-src 'self' https://cdnjs.cloudflare.com/; is correct.

bannarisoftwares commented 1 year ago

Thanks @ConnorKirk... Thanks very much.
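
How a browser evaluates the policies discussed in this thread, as an added example (not code from the sample repository or from anyone in the thread): a simplified check of each policy against the blocked URL, using the script-src-elem, script-src, default-src fallback named in the error message and CSP host-source matching. The page origin and all function names are assumptions; wildcards, nonces, hashes and scheme-only sources are not handled.

```javascript
// Added example: simplified CSP check for <script src> loads (Node.js or browser).
// Handles 'self', 'none' and scheme://host[/path] sources only.

// Parse a policy into a Map of directive name -> source list (first occurrence wins).
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// Match one source expression against the requested URL.
function sourceMatches(source, url, pageOrigin) {
  if (source === "'none'") return false;
  if (source === "'self'") return url.origin === pageOrigin;
  let src;
  try { src = new URL(source); } catch { return false; } // unsupported form in this sketch
  if (src.origin !== url.origin) return false;
  // A path ending in "/" (or no path at all) is a prefix match; any other path is exact.
  return src.pathname.endsWith('/')
    ? url.pathname.startsWith(src.pathname)
    : url.pathname === src.pathname;
}

// Pick the governing directive using the fallback order from the error message.
function allowsScript(policy, scriptUrl, pageOrigin) {
  const directives = parseCsp(policy);
  const name = ['script-src-elem', 'script-src', 'default-src'].find((d) => directives.has(d));
  if (!name) return { allowed: true, directive: null }; // nothing restricts scripts
  const url = new URL(scriptUrl);
  return { allowed: directives.get(name).some((s) => sourceMatches(s, url, pageOrigin)), directive: name };
}

const PAGE_ORIGIN = 'https://www.example.com'; // assumed site origin (constructed)
const BLOCKED = 'https://cdnjs.cloudflare.com/ajax/libs/react-dom/17.0.2/umd/react-dom.production.min.js';
const rest = "default-src 'none'; img-src 'self'; style-src 'self'; object-src 'none'";
const POLICIES = {
  selfOnly: `${rest}; script-src 'self'`, // the directive the error reports
  hostOnly: `${rest}; script-src 'self' https://cdnjs.cloudflare.com`,
  fullPath: `${rest}; script-src 'self' ${BLOCKED}`,
};

for (const [label, policy] of Object.entries(POLICIES)) {
  console.log(label, allowsScript(policy, BLOCKED, PAGE_ORIGIN));
}
```

In this check, `hostOnly` permits every script served from cdnjs.cloudflare.com, while `fullPath` permits only that one file and refuses any other version or library on the same host.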