This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2019-11-10
Channels
- # beginners (6)
- # calva (1)
- # cider (17)
- # clj-kondo (10)
- # clojure (4)
- # clojure-austin (3)
- # clojure-spec (3)
- # clojurescript (40)
- # clojurex (17)
- # core-async (10)
- # cursive (1)
- # data-science (2)
- # datomic (15)
- # emacs (10)
- # fulcro (15)
- # funcool (1)
- # graalvm (15)
- # joker (3)
- # nrepl (34)
- # off-topic (10)
- # pedestal (3)
- # rewrite-clj (6)
- # spacemacs (5)
- # sql (11)
hello, I'm running a server in dev mode and getting the following content security policy error in the browser:
Refused to load the script '' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:". 'strict-dynamic' is present, so host-based whitelisting is disabled. Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
it looks like this is the default policy, so i'm not sure why it's blocking this script from being loaded
found this in the samples and that fixes things: https://github.com/pedestal/pedestal/blob/2c7f6fed2105290fdcd6351249ed7072a7cab9ca/samples/cors/src/cors/server.clj#L36