Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG]: Error in browser console: report-only Content Security Policy '' was delivered via a <meta> element, which is disallowed. #5

Closed
amits97 opened this issue May 19, 2022 · 5 comments
Closed

[BUG]: Error in browser console: report-only Content Security Policy '' was delivered via a <meta> element, which is disallowed. #5

amits97 opened this issue May 19, 2022 · 5 comments
Assignees
@josh-hemphill
Labels
bug Something isn't working released

Comments

@amits97
Copy link

amits97 commented May 19, 2022

The following error is showing up in the browser when using vite-plugin-csp:

The report-only Content Security Policy '' was delivered via a <meta> element, which is disallowed. The policy has been ignored.

Is there a way to remove the Content-Security-Policy-Report-Only meta tag from the page?

Thanks
@amits97 amits97 added the bug Something isn't working label May 19, 2022
@amits97
Copy link
Author

amits97 commented May 20, 2022
edited
Loading

Update: was able to remove the Content-Security-Policy-Report-Only meta tag using processFns:

cspPlugin({
  policy: {
    ...
  },
  processFn: [
    (ctx, parsedHeaders) => {
      delete parsedHeaders['Content-Security-Policy-Report-Only'];   // <-- remove from parsedHeaders
    },
  ],
})

Not sure if I like it, but it works 😀

@amits97 amits97 closed this as completed May 20, 2022
josh-hemphill added a commit that referenced this issue May 20, 2022
@josh-hemphill
feat: ⬆️ upgrade deps, and add QoL options
85e3aff 
fix `onDev` option; add option (`injectReporting`) to disable skipping `Report` directives by default in injection; upgrade dependencies

fixes #5 ; fixes #4
github-actions bot pushed a commit that referenced this issue May 20, 2022
@semantic-release-bot
chore(release): 1.1.0 [skip ci]
a221cc3 
# [1.1.0](v1.0.1...v1.1.0) (2022-05-20)

### Features

* ⬆️ upgrade deps, and add QoL options ([85e3aff](85e3aff)), closes [#5](#5) [#4](#4)
@github-actions
Copy link

🎉 This issue has been resolved in version 1.1.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@amits97
Copy link
Author

amits97 commented May 21, 2022

@josh-hemphill Thank you so much for working on an update so fast! Appreciate it 😊

However, when I updated vite-plugin-csp to 1.1.0, I'm seeing the following error:

failed to load config from /Users/amitsn/workspace/seller-panel/packages/seller-panel/vite.config.mjs
error when starting dev server:
file:///Users/amitsn/workspace/seller-panel/node_modules/vite-plugin-csp/dist/index.js:20

...

SyntaxError: The requested module 'css-tree' does not provide an export named 'default'
    at ModuleJob._instantiate (node:internal/modules/esm/module_job:128:21)
    at async ModuleJob.run (node:internal/modules/esm/module_job:194:5)
    at async Promise.all (index 0)
    at async ESMLoader.import (node:internal/modules/esm/loader:385:24)
    at async importModuleDynamicallyWrapper (node:internal/vm/module:437:15)
    at async loadConfigFromFile (/Users/amitsn/workspace/seller-panel/node_modules/vite/dist/node/chunks/dep-e1fc1d62.js:61903:31)
    at async resolveConfig (/Users/amitsn/workspace/seller-panel/node_modules/vite/dist/node/chunks/dep-e1fc1d62.js:61436:28)
    at async createServer (/Users/amitsn/workspace/seller-panel/node_modules/vite/dist/node/chunks/dep-e1fc1d62.js:59843:20)
    at async CAC.<anonymous> (/Users/amitsn/workspace/seller-panel/node_modules/vite/dist/node/cli.js:688:24)

josh-hemphill added a commit that referenced this issue May 21, 2022
@josh-hemphill
fix: 🐛 css-tree imports esm
1e9528a 
addresses #5#issuecomment-1133634972
github-actions bot pushed a commit that referenced this issue May 21, 2022
@semantic-release-bot
chore(release): 1.1.1 [skip ci]
7f870bc 
## [1.1.1](v1.1.0...v1.1.1) (2022-05-21)

### Bug Fixes

* 🐛 `css-tree` imports esm ([1e9528a](1e9528a)), closes [#5](#5) [#issuecomment-1133634972](https://github.com/josh-hemphill/vite-plugin-csp/issues/issuecomment-1133634972)
@josh-hemphill
Copy link
Owner

It should be fixed now. Let me know if you run into issues

@amits97
Copy link
Author

amits97 commented May 22, 2022

Perfect! Works well now. Thank you 😊

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@josh-hemphill josh-hemphill

Labels
bug Something isn't working released
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@amits97 @josh-hemphill