Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refused to execute JavaScript URL #217

Closed
mohammedESSABRI opened this issue Jun 18, 2018 · 4 comments
Closed

Refused to execute JavaScript URL #217

mohammedESSABRI opened this issue Jun 18, 2018 · 4 comments
Milestone
2.0.0

Comments

@mohammedESSABRI
Copy link

Tell us where you are using Dejavu (Hosted web app, Chrome extension, Docker Image, Within appbase.io)

Chrome extension

What is the version of Dejavu that you are using?

1.6.1

Describe the issue that you are seeing, or the feature request :-), include any screenshots as necessary.

When trying to perform a query, it shows Refused to execute JavaScript URL because it violates the following Content Security Policy directive: "script-src 'self' blob: filesystem: chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.

Only default view is working

If your issue deals with accessing Elasticsearch cluster, share the necessary steps to replicate the behavior (the configuration.yml settings, where your ES cluster is hosted, any relevant logs).
If your issue deals with a UI issue, share with us a screenshot of the failing network request or the browser console log showing the error.
@siddharthlatest
Copy link
Member

siddharthlatest commented Jun 18, 2018
edited

@mohammedESSABRI I am not able to replicate the issue. Can you share the following details?

  1. What query are you running?
  2. Which of the query operations from below have you selected?
  3. Can you share console logs relevant to the error?

@mohammedESSABRI
Copy link
Author

Dear @siddharthlatest,

I try just to update a doc using the interface but is not working, here is the error:

index.html#?input_state=XQAAAAJtBAAAAAAAAAA9iIqnY-B2BnTZGEQzY8iwkHG0t_gDNgV…40q9U3DyyHs0XAZQAC5BLQfT2veiDBFnGDfaWM0aHhgjGXsGzt___2qQkA&editable=true:1 Uncaught (in promise) SyntaxError: Unexpected token N in JSON at position 0
    at parse (<anonymous>)

Also it showed this error:

Refused to execute JavaScript URL because it violates the following Content Security Policy directive: "script-src 'self' blob: filesystem: chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.

Thanks and best regards,

@siddharthlatest
Copy link
Member

@mohammedESSABRI Afaict, we don't use inline script blocks but still going to confirm this. Could it be possible that some other extension you have is trying to inject a script tag? One way to know for sure is for you to enable Dejavu to work in Incognito mode and try it there (see below screenshot, you can do this from your chrome://extensions page, click on Details button on the Dejavu extension)

I suspect that might be the case as I don't see this error (or haven't heard about it from any other user till now).

@siddharthlatest
Copy link
Member

Closing this due to inactivity - also, dejavu (as chrome extension) can run in incognito mode starting 2.0.0.

@siddharthlatest siddharthlatest added this to the 2.0.0 milestone Aug 21, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.0.0
Development

No branches or pull requests
2 participants
@siddharthlatest @mohammedESSABRI