Unsafe-eval error upgrading from 5.1.11 to 5.2.0-rc.0
Describe the bug
After upgrading storybook from 5.1.11 to 5.2.0-rc.0 I get unsafe-eval CSP errors in the console and the application doesn’t render properly. It happens both in development (start-storybook) and when running the production build. I’m using an express middleware to add CSP headers when serving files that looks like this:
module.exports = function (app) {
  app.use(function (req, res, next) {
    res.header('Content-Security-Policy', `default-src * 'unsafe-inline'; font-src 'self' data: `);
    next();
  });
}
From looking at the stack trace, it seems to be due to calls to telejson’s parse function.
Let me know if you need some more info!
To Reproduce
Steps to reproduce the behavior:
yarn add @storybook/addon-actions@^5.2.0-rc.0 @storybook/addon-backgrounds@^5.2.0-rc.0 @storybook/addon-info@^5.2.0-rc.0 @storybook/addon-knobs@^5.2.0-rc.0 @storybook/addon-links@^5.2.0-rc.0 @storybook/addon-notes@^5.2.0-rc.0 @storybook/addon-options@^5.2.0-rc.0 @storybook/addon-viewport@^5.2.0-rc.0 @storybook/addons@^5.2.0-rc.0 @storybook/components@^5.2.0-rc.0 @storybook/react@^5.2.0-rc.0 @storybook/ui@^5.2.0-rc.0 --save
yarn start-storybook -s ./public
Expected behavior
That using a CSP that does not contain 'unsafe-eval' will work.
System:
Environment Info:
  System:
    OS: Linux 4.15 Ubuntu 18.04.1 LTS (Bionic Beaver)
    CPU: (4) x64 Intel® Core™ i7-6820HQ CPU @ 2.70GHz
  Binaries:
    Node: 10.15.1 - /usr/bin/node
    Yarn: 1.13.0 - /usr/bin/yarn
    npm: 6.4.1 - /usr/bin/npm
  Browsers:
    Chrome: 76.0.3809.100
    Firefox: 68.0.2
  npmPackages:
    @storybook/addon-actions: ^5.2.0-rc.0 => 5.2.0-rc.0
    @storybook/addon-backgrounds: ^5.2.0-rc.0 => 5.2.0-rc.0
    @storybook/addon-info: ^5.2.0-rc.0 => 5.2.0-rc.0
    @storybook/addon-knobs: ^5.2.0-rc.0 => 5.2.0-rc.0
    @storybook/addon-links: ^5.2.0-rc.0 => 5.2.0-rc.0
    @storybook/addon-notes: ^5.2.0-rc.0 => 5.2.0-rc.0
    @storybook/addon-options: ^5.2.0-rc.0 => 5.2.0-rc.0
    @storybook/addon-viewport: ^5.2.0-rc.0 => 5.2.0-rc.0
    @storybook/addons: ^5.2.0-rc.0 => 5.2.0-rc.0
    @storybook/components: ^5.2.0-rc.0 => 5.2.0-rc.0
    @storybook/react: ^5.2.0-rc.0 => 5.2.0-rc.0
    @storybook/ui: ^5.2.0-rc.0 => 5.2.0-rc.0
Issue Analytics
- State:
- Created 4 years ago
- Comments: 5 (1 by maintainers)
Hey there, we are also in the same situation: on 5.1 our CSP policies were working; now, on 5.2, we are getting CSP errors and we are no longer able to run our docs with CSP enabled. It seems that this is related to https://emotion.sh/, used for styling. Can someone from the storybook team (@shilman) explain to us how we can easily apply CSP policies to our components, avoiding having to apply the same CSP rules to the whole storybook page?
@markov00 can you share a repro?