Ask questionsContent Security Policy seemingly absent from new instance
After changing the admin settings for content-src and script-src I am seeing CORS errors even after deleting an instance and creating a fresh new one. (Param store has been untouched by me)
Example error below:
Refused to prefetch content from 'https://bp-hubs-main-assets.brokenplace.com/spoke/assets/js/vendors~package-kit-page~project-page-f6be3132b65e15548183.js' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'prefetch-src' was not explicitly set, so 'default-src' is used as a fallback.
Also from the discussion, prior to a fresh instance, I was seeing
Content Security Policy: The page’s settings blocked the loading of a resource at https://bp-hubs-assets.<internaldomain>.com/...
You can see the error in Spoke or in a room at the following Hubs Cloud instance: https://hubs.broken.place
The above instance is currently in line with the hubs-cloud branch.
Answer questions antpb
In another self hosted instance I have access to I noticed that in Spoke the same errors are happening so this seems across all Hub Cloud instances. Existing content seems to be okay, it's just new content that is not working. Maybe the problem is Spoke side? The common issue seems to be the proxy domain not being able to resolve.
I've seen similar reports to this issue in https://github.com/mozilla/hubs/discussions/3017 and https://github.com/mozilla/hubs-cloud/issues/110
Related questionsNo questions were found.