CSP and Chrome Extensions/Apps #1799

sascha53 opened this Issue May 18, 2016 · 3 comments


None yet

2 participants



i know there were some issues which should be resolved with the CSP-versions of riot and compiler. Still i can't get it working regardless of the CSP i use.
So my questions are:
Is it working for someone? And if yes, how? (Which CSP to use?)
Riot is awesone and i really like to use it for Chrome Extensions too.



hi you need to use a special riot releases riot.csp.js or riot+compiler.csp.js


Hi, i used riot+compiler.csp.js and it did not work. To make it work i should set a flag like 'unsafe-inline' in my CSP, but this is not working for newer versions of Chrome (in combination with Chrome extensions/apps). There is the possibility to use some kind of sandbox-mode for Chrome Apps, but it's not ideal.
But it is working if i precompile the tags to pure js. So riot.csp.js with precompiled tags is working out of the box, riot+compiler.csp.js without unprecompiled tags is not working out of the box (maybe the sandbox-mode i mentioned is a workaround, maybe not).
Maybe this is helpful for other people and you will add some info in the docs or the file itself. (Or drop the riot+compiler.csp.js at all).


hi @sascha53 yes for the chrome extensions you will need to precompile your tags and use the "special" riot.csp versions. I guess riot+compiler.csp.js does not make any sense, I will remove it from the next build thanks for pointing this out

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment