Fork me on GitHub
#pedestal
<
2019-04-18
>
olle08:04:40

Hi I'm trying to serve a static js using

::http/resource-path   "public"
in the service map but I get an csp error
Refused to load the script '' because it violates the following Content Security Policy directive: "script-src self". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
.

olle08:04:27

Any tips 🙂

Ivan08:04:24

It seems to me you have to configure CSP for your use case

olle09:04:46

Tnx yes I managed to solve it by adding

::http/secure-headers {:content-security-policy-settings {:script-src "https://*.}}
to my service map.

👍 4