Fork me on GitHub
#pedestal
<
2017-06-17
>
henrik11:06:41

What’s the correct way of dealing with…

Refused to load the script '' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:". 'strict-dynamic' is present, so host-based whitelisting is disabled.
…? ClojureScript seems to make Chrome go into pouty mode.

henrik11:06:26

I assume it’s something to do with all the document.writes in app.js.

henrik13:06:24

@nxqd cheers, that actually did it! Though turning it off seems like cheating. Either cljs is compiling into insecure js, or there’s something wonky with how Pedestal is serving the file.

jimmy13:06:00

cljs compiles insecure js in normal mode, it shouldn't have any problem with advanced compiled. You can do a little research about secure header, the default one is too strict in my opinion.

henrik13:06:28

Either way, it seems like the Leiningen template could do with an update to fix this for dev mode.

jimmy13:06:28

yeah, true