We've moved discussions to Discord

Content security policy problem

Stephen Ariel
I have created a new project and when running in development mode using foreman when I navigate to any page say the dashboard at http://127.0.0.1:5000/2/ I see in the browser console the following error in Safari Refused to connect to ws://127.0.0.1:5000/cable because it does not appear in the connect-src directive of the Content Security Policy.

or in Chrome
livereload.js:192 Refused to connect to 'ws://127.0.0.1:35729/livereload' because it violates the following Content Security Policy directive: "connect-src 'self' https: http://localhost:3035 ws://localhost:3035 ws://localhost:3000 ws://localhost:5000 http://localhost:35729 ws://localhost:35729".
__connector.Connector.Connector.connect @ livereload.js:192

I am just using the default content_security_policy.rb file that contains

if Rails.env.development?
  srcs = ["http://localhost:3035", "ws://localhost:3035", "ws://localhost:3000", "ws://localhost:5000"]
  srcs += ["http://localhost:35729", "ws://localhost:35729"] if Jumpstart.config.livereload?
  policy.connect_src :self, :https, *srcs
end

I've also noticed that occasionally I get a message in the format terminal window the logs show
NotificationChannel stopped streaming from notification:Z2lkOi8vanVtcHN0YXJ0LWFwcC9Vc2VyLzE
and I have to press enter in the window for it to seem to continue any requests made from the browser. 

Any help would be great. 


Stephen Ariel
found it. It was because I was using the IP address instead of localhost as the address. 
Stephen Ariel
I have created a new project and when running in development mode using foreman when I navigate to any page say the dashboard at http://127.0.0.1:5000/2/ I see in the browser console the following error in Safari Refused to connect to ws://127.0.0.1:5000/cable because it does not appear in the connect-src directive of the Content Security Policy.

or in Chrome
livereload.js:192 Refused to connect to 'ws://127.0.0.1:35729/livereload' because it violates the following Content Security Policy directive: "connect-src 'self' https: http://localhost:3035 ws://localhost:3035 ws://localhost:3000 ws://localhost:5000 http://localhost:35729 ws://localhost:35729".
__connector.Connector.Connector.connect @ livereload.js:192

I am just using the default content_security_policy.rb file that contains

if Rails.env.development?
  srcs = ["http://localhost:3035", "ws://localhost:3035", "ws://localhost:3000", "ws://localhost:5000"]
  srcs += ["http://localhost:35729", "ws://localhost:35729"] if Jumpstart.config.livereload?
  policy.connect_src :self, :https, *srcs
end

I've also noticed that occasionally I get a message in the format terminal window the logs show
NotificationChannel stopped streaming from notification:Z2lkOi8vanVtcHN0YXJ0LWFwcC9Vc2VyLzE
and I have to press enter in the window for it to seem to continue any requests made from the browser. 

Any help would be great. 


Stephen Ariel
found it. It was because I was using the IP address instead of localhost as the address. 
Notifications
You’re not receiving notifications from this thread.
© 2022 Jumpstart Pro by GoRails, LLC