tapio / live-server

A simple development http server with live reload capability.
http://tapiov.net/live-server/

Handling Content-Security-Policy (CSP) #389

Open 1j01 opened 2 years ago

1j01 commented 2 years ago
Before submitting an issue, please, see https://github.com/tapio/live-server#troubleshooting

Issue description

When the page includes a CSP header like <meta http-equiv="Content-Security-Policy" content="default-src 'none'; style-src 'self'">, the injected script is not allowed to run. It's hard or impossible to allow the script by simply modifying the meta tag, but it can be handled in live-server by modifying the CSP dynamically.

I've solved this in a fork, published as @1j01/live-server.

I'm guessing this would be considered too niche to bother including and maintaining, so I'm opening this issue mainly so other people can find this solution if searching for it. But if interested, I could open a PR.

(I dropped the event stream (es) approach since it made it easier to operate on the whole file content, and I don't see this as much of a problem since it was already synchronously reading the file into memory. But it could use some restructuring.)

Software details
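One way to modify the CSP dynamically as the issue describes, as an added example that is not part of the original issue and is not the code of live-server or of the @1j01/live-server fork: it rewrites the page's `<meta>` policy to allow-list the SHA-256 hash of the injected inline script. The function names and the placeholder reload script are assumptions, and only a double-quoted `content` attribute is handled.

```javascript
const { createHash } = require("node:crypto");

// CSP hash source for an inline script. The digest covers the exact text
// between <script> and </script>, whitespace included.
function cspHashSource(scriptBody) {
  const digest = createHash("sha256").update(scriptBody, "utf8").digest("base64");
  return `'sha256-${digest}'`;
}

// Return `policy` with `source` added to the directive that governs scripts.
function allowScriptSource(policy, source) {
  const directives = policy.split(";").map((d) => d.trim().split(/\s+/)).filter((d) => d[0]);
  const find = (name) => directives.find((d) => d[0].toLowerCase() === name);
  let scriptSrc = find("script-src");
  if (!scriptSrc) {
    const fallback = find("default-src");
    if (!fallback) return policy; // this policy does not restrict scripts
    // script-src falls back to default-src, so start from the same sources.
    scriptSrc = ["script-src", ...fallback.slice(1)];
    directives.push(scriptSrc);
  }
  // 'none' is only valid as the sole source, so drop it before adding one.
  const sources = scriptSrc.slice(1).filter((s) => s.toLowerCase() !== "'none'");
  const lower = sources.map((s) => s.toLowerCase());
  const hasHashOrNonce = lower.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
  // A hash makes browsers ignore 'unsafe-inline'; if inline scripts are already
  // allowed that way, adding one would break the page's other inline scripts.
  if (lower.includes("'unsafe-inline'") && !hasHashOrNonce) return policy;
  if (!sources.includes(source)) sources.push(source);
  scriptSrc.splice(1, scriptSrc.length, ...sources);
  return directives.map((d) => d.join(" ")).join("; ");
}

// Rewrite every CSP <meta> tag in `html` so `inlineScript` is allowed to run.
function patchMetaCsp(html, inlineScript) {
  const source = cspHashSource(inlineScript);
  return html.replace(/<meta\b[^>]*>/gi, (tag) => {
    if (!/http-equiv\s*=\s*["']?content-security-policy/i.test(tag)) return tag;
    return tag.replace(/(\bcontent\s*=\s*")([^"]*)(")/i,
      (_, open, policy, close) => open + allowScriptSource(policy, source) + close);
  });
}

// Constructed sample: the meta tag from the issue and a placeholder reload script.
const RELOAD_SCRIPT = "/* placeholder for the injected reload code */";
const page = `<meta http-equiv="Content-Security-Policy" content="default-src 'none'; style-src 'self'">`;
console.log(patchMetaCsp(page, RELOAD_SCRIPT));
```

Any connection the injected script opens back to the server is governed by `connect-src`, which this example leaves unchanged.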