Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Configure CSP in an Ember CLI application which uses http-mock

Tags:

ember.js

ember-cli

http-mock

I'm using http-mock with Ember CLI as suggested on http://www.ember-cli.com/#ember-data. I understand the basic concept of CSP but I don't understand the configuration of it within an Ember CLI application.

How can I configure my application to either accept requests to localhost:4200/api/ to avoid this during development:

Content Security Policy violation: {
    "csp-report": {
        "document-uri":"http://localhost:4200/products",
        "referrer":"",
        "violated-directive":"style-src 'self'",
        "effective-directive":"style-src",
        "original-policy":"default-src 'none'; script-src 'self' 'unsafe-eval' localhost:35729 0.0.0.0:35729; font-src 'self'; connect-src 'self' ws://localhost:35729 ws://0.0.0.0:35729 http://0.0.0.0:4200/csp-report; img-src 'self'; style-src 'self'; media-src 'self'; report-uri http://0.0.0.0:4200/csp-report;",
        "blocked-uri":"",
        "source-file":"chrome-extension://alelhddbbhepgpmgidjdcjakblofbmce",
        "line-number":1,"column-number":20481,"status-code":200
    }
}
like image 604
wintermeyer Avatar asked Mar 28 '15 16:03

wintermeyer

1 Answers

You can adjust your content security policy by editing config/environment.js. I believe in your case, the connect-src is relevant to the error being thrown (edit: looks like style-src is being violated, possibly by Chrome Extension Awesome Screenshot). Adding * will allow it to connect to anything.

var ENV = {

  ...

  contentSecurityPolicy: {
    'default-src': "'none'",
    'script-src': "'self'",
    'font-src': "'self'",
    'connect-src': "'self' *",
    'img-src': "'self'",
    'style-src': "'self' *",
    'media-src': "'self'"
  }
}

Or more specifically, you could add:

...
'connect-src': "'self' 'localhost:4200'",
...

Furthermore, if you only wanted to add this to your dev environment, put it in:

if (environment === 'development') {
  ENV.contentSecurityPolicy = {
    ...(policies)...
  }
}

More information available about CSP in ember-cli: https://www.npmjs.com/package/ember-cli-content-security-policy.

More information about CSP in general: http://content-security-policy.com/

like image 148
rog Avatar answered Oct 07 '22 01:10

rog
Sign in to Comment

Related questions

React, Ember-data
Should I use ember data with ember.js?
Ember.js and Google Analytics
How to create nested models in Ember.js?
Emberjs async routing
Is there an alternate to metamorph script tags in Ember.js?
What is the best way to handle events in Ember.js?
How to render hasMany relationship data?
Which UI toolkit are you using with your Ember.js apps?
emberjs handle 401 not authorized
How to set a property which is observable but not run observable function for few cases in EmberJS
Accessing array element in Ember handlebars
How to access dynamic segment in a controller in Ember.js?
EmberJS: How to Redirect from Route, Keeping Query Params
Ember-Data recursive hasMany association
Ember.js ember-data restadapter fail to load json
Delete associated model with ember-data
How to simulate back button when testing Ember.js apps?
Ember JS transition to nested routes where all routes are dynamic segments from a view
Ember-table integration with Ember-model / Ember-data

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!