naturalBound is null with CSP
See original GitHub issueI use a strict Content Security Policy (CSP). Since updating to fullcalendar-scheduler 5 the timeline view is not rendered properly and I get the following error:
TypeError: naturalBound is null
This seems to be caused by this piece of code: https://github.com/fullcalendar/fullcalendar-scheduler/blob/9bc55cc974b53147bd515a133484ae5b621e6534/scrollgrid/src/StickyScrolling.ts#L154
I am not sure how this is connected to the CSP, but the error goes away when I remove the CSP.
Unfortunately, CodePen/JSFiddle ignore the CSP, so here is the code for reproducing the issue:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'nonce-2726c7f26c' cdn.jsdelivr.net; style-src cdn.jsdelivr.net" />
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/fullcalendar-scheduler@5.1.0/main.css">
</head>
<body>
<div class="calendar"></div>
<script src="https://cdn.jsdelivr.net/npm/fullcalendar-scheduler@5.1.0/main.js"></script>
<script nonce="2726c7f26c">
var el = document.querySelector('.calendar');
var calendar = new FullCalendar.Calendar(el, {
schedulerLicenseKey: 'CC-Attribution-NonCommercial-NoDerivatives',
initialView: 'timeline',
events: [{
start: '2020-06-29 13:00',
end: '2020-06-29 15:00',
}, {
start: '2020-06-29 14:00',
end: '2020-06-29 16:00',
}]
});
calendar.render();
</script>
</body>
</html>
Issue Analytics
- State:
- Created 3 years ago
- Reactions:1
- Comments:6 (3 by maintainers)
Top Results From Across the Web
fullcalendar/moment: Versions
... and defaultAllDayEventDuration, whereas previously it was sometimes null. ... naturalBound is null with CSP (#5556); does not support Content Security ...
Read more >https://raw.githubusercontent.com/warrenspence/ful...
... depending on start date (#5634) - default scrollTime is not appropriate for month/year view (#5645) - naturalBound is null with CSP (#5556)...
Read more >fullcalendar - CHANGELOG.md
... and defaultAllDayEventDuration, whereas previously it was sometimes null. ... naturalBound is null with CSP (#5556); does not support Content Security ...
Read more >Saddlepoints
(CSP) will give year of publication of the original article where needed, followed by volume num- ... be designated as null and be...
Read more >tbc.pdf.txt
Null Models of Network growth a Probability P(r) 0.10 Probability P(r) 10 -1 ... page 132 — #150 5 the sequence of q-coloring...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
This is definitely related to the CSP but I also believe there is an issue in the javascript code: The code that triggers the error does not check if
naturalBound
is null. There should either be a check of the code that definesnaturalBound
should make sure that it never is null in the first place.We somehow still have this issue in 5.8.0. Is there additional work to be done beside using the latest version?
It somehow did not show up, when overriding “.fc-sticky” with “position: static”.