Content-Security-Policy refusing to load localhost script


I'm building a micro-frontend web app with single-spa and am trying to set up import map overrides on my deployed site.

I'm getting the following console error when trying to load a micro frontend script from localhost:

script-load.js:86 Refused to load the script 'http://localhost:8085/whatever.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'unsafe-eval' https: localhost:*". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

I have the following Content-Security-Policy in my HTML:

<meta http-equiv="Content-Security-Policy" content="default-src 'self' https: localhost:*; script-src 'unsafe-inline' 'unsafe-eval' https: localhost:*; connect-src https: localhost:* ws://localhost:*; style-src 'unsafe-inline' https:; object-src 'none';">

I was under the impression that script-src localhost:* would allow overriding the MFE scripts with scripts I had running locally.


There is 1 answer

0
Sandeep Ks

Keep the import map like this; don't add http before:

  <script type="systemjs-importmap">
    {
      "imports": {
        "@dell/react1": "//localhost:8080/test-react1.js"
      }
    }
  </script>
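
Why the policy in the question refuses the script, as an added example that is not part of either post: a simplified JavaScript sketch of CSP Level 3 source matching, run against the question's `script-src`. It assumes the deployed page is served over https (the page URL `https://app.example/` is a constructed placeholder); a host-source without a scheme, such as `localhost:*`, then takes the page's scheme and does not match an `http:` URL.

```javascript
// Added example: simplified CSP Level 3 matching for scheme-sources ("https:")
// and host-sources ("localhost:*"). Keywords, nonces, hashes and paths are ignored.
const DEFAULT_PORT = { http: "80", https: "443", ws: "80", wss: "443" };

// CSP3 "scheme-part matches": equal, or a permitted upgrade to a secure scheme.
function schemePartMatches(a, b) {
  if (a === b) return true;
  if (a === "http") return b === "https";
  if (a === "ws") return ["wss", "http", "https"].includes(b);
  if (a === "wss") return b === "https";
  return false; // in particular, "https" never matches "http"
}

function sourceMatches(expr, url, pageUrl) {
  const target = new URL(url);
  const urlScheme = target.protocol.slice(0, -1);
  const pageScheme = new URL(pageUrl).protocol.slice(0, -1);

  // scheme-source, e.g. "https:"
  const schemeOnly = /^([a-z][a-z0-9+.-]*):$/i.exec(expr);
  if (schemeOnly) return schemePartMatches(schemeOnly[1].toLowerCase(), urlScheme);

  // host-source: [scheme "://"] host [":" port]; quoted keywords fail this pattern
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^:\/']+)(?::(\*|\d+))?$/i.exec(expr);
  if (!m) return false;
  const [, scheme, host, port] = m;

  // With no scheme in the expression, the protected page's scheme is used.
  if (!schemePartMatches((scheme || pageScheme).toLowerCase(), urlScheme)) return false;

  const h = host.toLowerCase();
  const hostOk = h.startsWith("*.") ? target.hostname.endsWith(h.slice(1)) : target.hostname === h;
  if (!hostOk) return false;

  const urlPort = target.port || DEFAULT_PORT[urlScheme];
  if (port === "*") return true;
  if (port === undefined) return urlPort === DEFAULT_PORT[urlScheme];
  return port === urlPort;
}

const scriptAllowed = (sources, url, pageUrl) => sources.some((s) => sourceMatches(s, url, pageUrl));

// script-src from the question; PAGE is a constructed placeholder (assumed https).
const SCRIPT_SRC = ["'unsafe-inline'", "'unsafe-eval'", "https:", "localhost:*"];
const PAGE = "https://app.example/";
console.log(scriptAllowed(SCRIPT_SRC, "http://localhost:8085/whatever.js", PAGE)); // refused, as in the console error
console.log(scriptAllowed([...SCRIPT_SRC, "http://localhost:*"], "http://localhost:8085/whatever.js", PAGE)); // explicit scheme
console.log(scriptAllowed(SCRIPT_SRC, "https://localhost:8080/test-react1.js", PAGE)); // "//localhost:8080/..." resolved on an https page
```

The port handling here omits the default-port upgrade cases of the full algorithm, which do not affect the `localhost:*` source in the question.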