Ask questionsContent Security Policy seemingly absent from new instance
After changing the admin settings for content-src and script-src I am seeing CORS errors even after deleting an instance and creating a fresh new one. (Param store has been untouched by me)
Example error below:
Refused to prefetch content from 'https://bp-hubs-main-assets.brokenplace.com/spoke/assets/js/vendors~package-kit-page~project-page-f6be3132b65e15548183.js' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'prefetch-src' was not explicitly set, so 'default-src' is used as a fallback.
Also from the discussion, prior to a fresh instance, I was seeing
Content Security Policy: The page’s settings blocked the loading of a resource at https://bp-hubs-assets.<internaldomain>.com/...
You can see the error in Spoke or in a room at the following Hubs Cloud instance: https://hubs.broken.place
The above instance is currently in line with the hubs-cloud branch.
Answer questions antpb
You can reproduce the error most clearly by going to https://hubs.broken.place/spoke and making a new scene. When you've reached the new scene, add a video element and use a youtube/vimdeo url and you'll notice that videonode fails.
Related questionsNo questions were found.