ngx-stripe: [BUG] CSP Content Security Policy Errors
Getting CSP Errors:
Chrome:
[Report Only] Refused to compile or instantiate WebAssembly module because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
Firefox:
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). pagewrap.bundle.js
Content Security Policy: The page’s settings observed the loading of a resource at inline (“script-src”). A CSP report is being sent. pagewrap.bundle.js
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). pagewrap.bundle.js
Content Security Policy: The page’s settings observed the loading of a resource at inline (“script-src”). A CSP report is being sent. pagewrap.bundle.js
About this issue
- Original URL
- State: closed
- Created a year ago
- Comments: 29 (12 by maintainers)
If anyone in the future sees this, in the console tab of firefox add
-pagewrap.bundle.jsto the filter output section, this will filter errors from the pagewrap triggered by stripe triggering firefox to throw jit csp errors when an extension is attempting to inspect the page. The errors will still exist (and are irrelevant), but at least you can develop in peace.Yep, decade old esoteric Firefox bug, I miss the days when errors were our fault. Thanks for your help @richnologies
Wow!! Thanks for sharing, very interesting and now we have this issue in case someone else has this issue.
Now that you mention I had issues in the past with Redux Devtools. I haven’t use it in a while.
Sorry about the inconvenience, but nice work troubleshooting this.
Thank you, I think I found out which package is doing it going to remove it and see if anything changes. Thank you so much for your help!