search

nadavshatz / ember-cli-foundation-sass

Automatically sets up Foundation 5 SASS in your Ember CLI app.
https://www.npmjs.org/package/ember-cli-foundation-sass
MIT License
68 stars 18 forks source link

missing default contentSecurityPolicy #18

Closed vire closed 9 years ago

vire commented 9 years ago

Hi, having a default EmberApp configuration: 

var app = new EmberApp({
    'ember-cli-foundation-sass': {
        'modernizr': true,
        'fastclick': true,
        'foundationJs': 'all'
    }
});

results into:

[Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.

Wouldn't it be good to add somehove into the environment's contentSecurityPolicy necessary updates, or just put it into the README.md?

Thx

asurtih commented 9 years ago

I am having the same issue. What is the solution for this problem?

vire commented 9 years ago

@asurtih in config/environment.js of your ember-cli project, you add e.g.

ENV.contentSecurityPolicy = {
        'connect-src': "'self' http://localhost:8080 http://0.0.0.0:8080",
        'img-src': "'self' http://localhost:8080",
        'script-src': "'self' http://localhost:8080 'unsafe-eval",
        'media-src': "'self' http://localhost:8080",
        'style-src': "'self' 'unsafe-inline' http://localhost:8080 http://0.0.0.0:8080"
    };

and change your host:port