You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I deployed a simple codebuilder setup via Python and CDK, but visiting the github.setup.url just shows a blank page. The Javascript console has these errors (I've replaced sensitive IDs with <my-foo>):
Content Security Policy: The page's settings blocked the loading of a resource at inline ("default-src"). [<my-function>.lambda-url.eu-west-2.on.aws:7:1](https://<my-function>.lambda-url.eu-west-2.on.aws/?token=<my-token>)
Content Security Policy: The page's settings blocked the loading of a resource at inline ("default-src"). [<my-function>.lambda-url.eu-west-2.on.aws:28:1](https://<my-function>.lambda-url.eu-west-2.on.aws/?token=<my-token>)
Content Security Policy: The page's settings blocked the loading of a resource at https://<my-function>.lambda-url.eu-west-2.on.aws/favicon.ico ("img-src"). resource:186:19
Content Security Policy: The page's settings blocked the loading of a resource at inline ("default-src"). moz-extension:1:52727
This was in Firefox. I tried installing Google Chrome, and the page seems to work in that.
The text was updated successfully, but these errors were encountered:
Apparently Firefox doesn't support nonce in `Content-Security-Policy` and we must use `'unsafe-inline'`.
Beef up security with restrictions on `base-uri` and `object-src` while we're here.
Fixes#141
I deployed a simple codebuilder setup via Python and CDK, but visiting the
github.setup.url
just shows a blank page. The Javascript console has these errors (I've replaced sensitive IDs with<my-foo>
):This was in Firefox. I tried installing Google Chrome, and the page seems to work in that.
The text was updated successfully, but these errors were encountered: