Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

naturalBound is null with CSP

See original GitHub issue

I use a strict Content Security Policy (CSP). Since updating to fullcalendar-scheduler 5 the timeline view is not rendered properly and I get the following error:

TypeError: naturalBound is null

This seems to be caused by this piece of code: https://github.com/fullcalendar/fullcalendar-scheduler/blob/9bc55cc974b53147bd515a133484ae5b621e6534/scrollgrid/src/StickyScrolling.ts#L154

I am not sure how this is connected to the CSP, but the error goes away when I remove the CSP.

Unfortunately, CodePen/JSFiddle ignore the CSP, so here is the code for reproducing the issue:

<!DOCTYPE html>
<html>
  <head>
    <meta charset="UTF-8">
    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'nonce-2726c7f26c' cdn.jsdelivr.net; style-src cdn.jsdelivr.net" />
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/fullcalendar-scheduler@5.1.0/main.css">
  </head>
  <body>
    <div class="calendar"></div>
    <script src="https://cdn.jsdelivr.net/npm/fullcalendar-scheduler@5.1.0/main.js"></script>
    <script nonce="2726c7f26c">
      var el = document.querySelector('.calendar');
      var calendar = new FullCalendar.Calendar(el, {
        schedulerLicenseKey: 'CC-Attribution-NonCommercial-NoDerivatives',
        initialView: 'timeline',
        events: [{
          start: '2020-06-29 13:00',
          end: '2020-06-29 15:00',
        }, {
          start: '2020-06-29 14:00',
          end: '2020-06-29 16:00',
        }]
      });
      calendar.render();
    </script>
  </body>
</html>

Issue Analytics

State:
Created 3 years ago
Reactions:1
Comments:6 (3 by maintainers)

Top GitHub Comments

2reactions

xicommented, Jun 30, 2020

This is definitely related to the CSP but I also believe there is an issue in the javascript code: The code that triggers the error does not check if naturalBound is null. There should either be a check of the code that defines naturalBound should make sure that it never is null in the first place.

0reactions

stefanuebecommented, Jun 21, 2021

We somehow still have this issue in 5.8.0. Is there additional work to be done beside using the latest version?

Uncaught TypeError: Cannot read property 'top' of null
    at eval (main.js?1dfc:273)
    at Array.map (<anonymous>)
    at StickyScrolling.computeElDestinations (main.js?1dfc:254)
    at StickyScrolling.updateSize (main.js?1dfc:195)
    at eval (main.js?1dfc:809)
    at Array.forEach (<anonymous>)
    at ScrollGrid.updateStickyScrolling (main.js?1dfc:809)
    at ScrollGrid.eval (main.js?1dfc:530)

It somehow did not show up, when overriding “.fc-sticky” with “position: static”.

Top Results From Across the Web

fullcalendar/moment: Versions

... and defaultAllDayEventDuration, whereas previously it was sometimes null. ... naturalBound is null with CSP (#5556); does not support Content Security ...

https://raw.githubusercontent.com/warrenspence/ful...

... depending on start date (#5634) - default scrollTime is not appropriate for month/year view (#5645) - naturalBound is null with CSP (#5556)...

fullcalendar - CHANGELOG.md

... and defaultAllDayEventDuration, whereas previously it was sometimes null. ... naturalBound is null with CSP (#5556); does not support Content Security ...

Saddlepoints

(CSP) will give year of publication of the original article where needed, followed by volume num- ... be designated as null and be...

tbc.pdf.txt

Null Models of Network growth a Probability P(r) 0.10 Probability P(r) 10 -1 ... page 132 — #150 5 the sequence of q-coloring...