CSP (Content Security Policy) rules are blocking react-virtualized execution


Hi!

When CSP rules are enforced by the server, react-virtualized is blocked because of the use of eval by the interval-tree-1d dependency, and its own dep binary-search-bounds. This issue may impact a larger and larger number of users in the future. I understand this dependency is used for performance reasons, and I’m afraid I haven’t any replacement solution for this, but I wanted to discuss the issue with you, and see if we could manage to find a solution. Any thoughts?

Issue Analytics

  • State: closed
  • Created 6 years ago
  • Comments: 8 (7 by maintainers)

Top GitHub Comments

2 reactions
bvaughn commented, Apr 3, 2017

In the meanwhile, unless you’re using the Masonry component, you don’t actually need or use this dependency. If your build system is pulling it in, you can work around this using a deep import.

// Rather than...
import { List } from 'react-virtualized'

// You could do...
import List from 'react-virtualized/dist/commonjs/List'

This will also likely help with your bundle size slightly.

I’ve been meaning to write up a section of the docs about this.

0 reactions
bvaughn commented, Apr 5, 2017

9.6.0 release just went out with this.
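
An added example, not code from this thread or from react-virtualized: a JavaScript check that decides whether a Content-Security-Policy header permits eval-style string compilation and lists the lines in a dependency's source that the policy would block. The policy strings, the sample source and every function name are constructed for illustration, and the line scan is a regex heuristic rather than a parser.

```javascript
// Parse one serialized policy into Map(directive -> source list).
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // A repeated directive is ignored: the first occurrence wins.
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

// eval() and new Function() are governed by script-src, falling back to
// default-src. A comma separates multiple policies, and all must agree.
function evalAllowed(headerValue) {
  return headerValue.split(',').every((policy) => {
    const d = parsePolicy(policy);
    const list = d.get('script-src') ?? d.get('default-src');
    if (list === undefined) return true; // scripts are not restricted at all
    return list.some((s) => s.toLowerCase() === "'unsafe-eval'");
  });
}

// Heuristic line scan (not a parser) for string-compilation sinks.
const SINKS = [
  { sink: 'eval', re: /(^|[^\w$])eval\s*\(/ },
  { sink: 'Function constructor', re: /(^|[^\w$])Function\s*\(/ },
  { sink: 'string timer', re: /\bset(?:Timeout|Interval)\s*\(\s*["'`]/ },
];

function findEvalSinks(source) {
  return source.split('\n').flatMap((text, i) =>
    SINKS.filter(({ re }) => re.test(text)).map(({ sink }) => ({ line: i + 1, sink }))
  );
}

// Lines that the given policy would block at runtime.
function blockedByPolicy(headerValue, source) {
  return evalAllowed(headerValue) ? [] : findEvalSinks(source);
}

// Constructed sample of a dependency that compiles code from strings.
const SAMPLE_SOURCE = [
  'function compile(body) {',
  '  return new Function("a", "lo", "hi", body);',
  '}',
  'var isFunction = function (x) { return typeof x === "function"; };',
].join('\n');
console.log(blockedByPolicy("default-src 'self'", SAMPLE_SOURCE));
```

Running the scan over a bundle before and after switching to the deep import shows whether the eval-dependent module is still being pulled in.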
