profile
viewpoint

Ask questionsContent Security Policy seemingly absent from new instance

From https://github.com/mozilla/hubs/discussions/2994

After changing the admin settings for content-src and script-src I am seeing CORS errors even after deleting an instance and creating a fresh new one. (Param store has been untouched by me)

Example error below:

Refused to prefetch content from 'https://bp-hubs-main-assets.brokenplace.com/spoke/assets/js/vendors~package-kit-page~project-page-f6be3132b65e15548183.js' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'prefetch-src' was not explicitly set, so 'default-src' is used as a fallback.

Also from the discussion, prior to a fresh instance, I was seeing

Content Security Policy: The page’s settings blocked the loading of a resource at https://bp-hubs-assets.<internaldomain>.com/...

You can see the error in Spoke or in a room at the following Hubs Cloud instance: https://hubs.broken.place

The above instance is currently in line with the hubs-cloud branch.

mozilla/hubs-cloud

Answer questions antpb

Last night I deleted the stack, removed all rogue DNS records, then made a new stack. Still seeing the same issues. The example url is now 1:1 with what deploys from an initial stack creation.

useful!

Related questions

No questions were found.
source:https://uonfu.com/
Github User Rank List