Content Security Policy seemingly absent from new instance
After changing the admin settings for content-src and script-src I am seeing CORS errors even after deleting an instance and creating a fresh new one. (Param store has been untouched by me)
Example error below:
Refused to prefetch content from 'https://bp-hubs-main-assets.brokenplace.com/spoke/assets/js/vendors~package-kit-page~project-page-f6be3132b65e15548183.js' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'prefetch-src' was not explicitly set, so 'default-src' is used as a fallback.
Also from the discussion, prior to a fresh instance, I was seeing:
Content Security Policy: The page’s settings blocked the loading of a resource at https://bp-hubs-assets.<internaldomain>.com/...
You can see the error in Spoke or in a room at the following Hubs Cloud instance: https://hubs.broken.place
The above instance is currently in line with the hubs-cloud branch.
Answer from antpb:
oh, worth noting this is also happening on hubs.mozilla.com/spoke :O
edit: Had some time this evening to compare to my Hubs Cloud instance. What stands out the most is the content security policy errors happening around Google Analytics. Seemingly every external source is throwing an issue.
Here's a snippet of the Google Analytics error in the Mozilla Spoke instance:
Refused to connect to 'https://www.google-analytics.com/REALLYLONGSTRING' because it violates the following Content Security Policy directive: "connect-src https://hubs.link https://hub.link https://sentry.prod.mozaws.net https://assets-prod.reticulum.io https://uploads-prod.reticulum.io https://smoke-assets-prod.reticulum.io https://asset-bundles-prod.reticulum.io https://smoke-asset-bundles-prod.reticulum.io https://hubs-proxy.com wss://hubs.mozilla.com wss://smoke-hubs.mozilla.com https://www.mozilla.org https://hubs.local:3000 'self' https://cors-proxy-prod.reticulum.io:443 https://uploads-prod.reticulum.io https://dpdb.webvr.rocks https://nearspark-prod.reticulum.io:443 https://.reticulum.io:443 wss://.reticulum.io:443 wss://.reticulum.io:443 https://.reticulum.io:443 wss://:443 https://:443 https://cdn.aframe.io https://www.youtube.com https://api.github.com data: blob:".
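
Both refusals quoted above come down to which directive governs the fetch and whether the target matches that directive's source list. The following is an added example, not code from Hubs or from the posts above; `checkRequest`, the fallback table and the `example.test` hosts are constructed for illustration, and only a subset of CSP source matching is implemented.

```javascript
// Added example: simplified CSP source-list check (a subset of CSP Level 3).
// Handles 'none', 'self', scheme sources (data:) and scheme://host[:port] with
// a "*." subdomain wildcard. Not handled: bare "*", paths, nonces, hashes,
// scheme upgrades (http -> https).
const FALLBACK = { 'prefetch-src': ['default-src'], 'connect-src': ['default-src'],
  'script-src-elem': ['script-src', 'default-src'] };
const DEFAULT_PORT = { 'http:': '80', 'https:': '443', 'ws:': '80', 'wss:': '443' };

function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !policy.has(key)) policy.set(key, sources); // first occurrence wins
  }
  return policy;
}

function sourceMatches(expr, url, self) {
  if (expr === "'self'") return url.origin === self.origin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(expr)) return url.protocol === expr.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?((?:\*\.)?[a-z0-9.-]+)(?::(\d+|\*))?(?:\/.*)?$/i.exec(expr);
  if (!m) return false; // 'none', nonces, hashes and bare "*" never match here
  const [, scheme, host, port] = m;
  if (url.protocol !== (scheme ? scheme.toLowerCase() + ':' : self.protocol)) return false;
  const h = host.toLowerCase();
  const hostOk = h.startsWith('*.') ? url.hostname.endsWith(h.slice(1)) : url.hostname === h;
  const urlPort = url.port || DEFAULT_PORT[url.protocol];
  const portOk = port === '*' || urlPort === (port || DEFAULT_PORT[url.protocol]);
  return hostOk && portOk;
}

// Returns which directive decided the request and whether it was allowed.
function checkRequest(header, directive, target, pageUrl) {
  const policy = parsePolicy(header);
  const chain = [directive, ...(FALLBACK[directive] || ['default-src'])];
  const used = chain.find((d) => policy.has(d)) || null;
  if (!used) return { used, allowed: true }; // no directive governs this fetch
  const url = new URL(target), self = new URL(pageUrl);
  return { used, allowed: policy.get(used).some((s) => sourceMatches(s, url, self)) };
}

// Constructed policies modelled on the two error messages above.
const strictPolicy = "default-src 'none'; script-src 'self' https://assets.example.test";
const connectPolicy = "connect-src https://hubs.link 'self' wss://hubs.mozilla.com data: blob:";
console.log(checkRequest(strictPolicy, 'prefetch-src', 'https://assets.example.test/app.js', 'https://hubs.example.test/spoke'));
console.log(checkRequest(connectPolicy, 'connect-src', 'https://www.google-analytics.com/x', 'https://hubs.mozilla.com/spoke'));
```

The first call reports `default-src` as the deciding directive even though `script-src` lists the asset host, which is the situation the prefetch error describes.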