fcl forces us to use a less secure content-security-policy
Instructions
Please fill out the template below to the best of your ability and include a label indicating which tool/service you were working with when you encountered the problem.
Problem
@onflow/protobuf calls eval in it. This is why my project is forced to allow unsafe-eval in our content-security-policy.
Steps to Reproduce
- you can check out this replication: https://github.com/austinsamsel/unsafe-eval-test/commits/main
- try `npm install`
- then `npm run build && npm run start` and expect to see csp errors in the console.
- if you checkout an earlier commit before `fcl` was added…
- you can then run `npm run build && npm run start` and the application will execute.
Acceptance Criteria
- javascript applications that use `fcl` do not need to allow `unsafe-eval`
Context
n/a
Issue Analytics
- State:
- Created 2 years ago
- Reactions:2
- Comments:8 (4 by maintainers)
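One way to find which dependency is forcing `'unsafe-eval'`, as an added example (not code from the issue or from the FCL project): a heuristic line scanner for the dynamic-evaluation sinks that a CSP without `'unsafe-eval'` blocks, grouped by owning package. The function names, package names, paths and file contents are constructed for illustration.

```javascript
// Added example. Package names, paths and file contents below are constructed.
// Sinks that a CSP without 'unsafe-eval' blocks at runtime (line-based heuristic:
// hits inside comments or string literals still need manual triage).
const EVAL_SINKS = [
  { name: "eval()", re: /(?<![\w$])eval\s*\(/ },
  { name: "Function constructor", re: /(?<![\w$])(?:new\s+)?Function\s*\(/ },
  { name: "string passed to timer", re: /\bset(?:Timeout|Interval)\s*\(\s*["'`]/ },
];

// Map a file path to the npm package that owns it ("@scope/name" or "name").
function packageOf(filePath) {
  const parts = filePath.split(/[\\\/]/);
  const i = parts.lastIndexOf("node_modules");
  if (i === -1 || i + 1 >= parts.length) return "(app code)";
  const first = parts[i + 1];
  return first.startsWith("@") && parts[i + 2] ? `${first}/${parts[i + 2]}` : first;
}

// Return one finding per (line, sink) match in a single source file.
function scanSource(filePath, text) {
  const findings = [];
  text.split(/\r?\n/).forEach((src, idx) => {
    for (const { name, re } of EVAL_SINKS) {
      if (re.test(src)) {
        findings.push({ pkg: packageOf(filePath), file: filePath, line: idx + 1, sink: name });
      }
    }
  });
  return findings;
}

// Count findings per package so the dependency to replace or patch stands out.
function offendersByPackage(files) {
  const counts = {};
  for (const [filePath, text] of Object.entries(files)) {
    for (const f of scanSource(filePath, text)) counts[f.pkg] = (counts[f.pkg] || 0) + 1;
  }
  return counts;
}

// Constructed sample tree: path -> file contents (not any real package's source).
const SAMPLE = {
  "node_modules/@example/codec/dist/index.js":
    'var mod = eval("require")(name);\nvar fn = new Function("a", "return a");',
  "node_modules/plain-lib/index.js": "module.exports = function retrieval(s) { return s; };",
  "src/app.js": 'setTimeout("tick()", 1000);\nsetTimeout(tick, 1000);',
};

console.log(offendersByPackage(SAMPLE));
```

To audit a real build, pass in the contents of the files under the build output and `node_modules`. Serving the stricter policy in a `Content-Security-Policy-Report-Only` header then confirms at runtime which of the hits actually execute.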

@mikeylemmon The HTTP API has been released on testnet and mainnet! The Flow access node API for REST clients. Usable with the Flow CLI (Emulator) and FCL (Flow Client Library)
https://rest-testnet.onflow.org/v1/ Testnet: View Documentation
https://rest-mainnet.onflow.org/v1/ Mainnet: View Documentation
The SDK transport modules have moved into their own packages. The JS-SDK now makes use of transport modules for sending an interaction to an access api and receiving a response.
More details available in the SDK CHANGELOG and on the Docs Site at onflow.org HTTP-API Reference
I have the same problem. Any workaround?