Announcement

**Isomorphic** · 9 Nov 2017, 14:17

Because you forgot, yet again, to post what browser you're using (please please try to remember this!) we can't comment much on this.

The second two appear to possibly be a browser bug (erroneously considering data URL consisting of inlined SVG as external content). You may be able to work around this by turning off CSP for "data:" urls or for image/svg+xml. Oddly the source is listed as an HTML file even though these data URLs actually appear in our .css files, so possibly your code is doing something special here. But you haven't provided instructions to reproduce the issue, so we can't look further.

The first one we can't comment on since you've given no information on how to reproduce it.

Note that you can have CSP violation information posted to a URL as JSON data, and that may help you figure out the actual causes of these reported violations.

**sidharth1917** · 4 Dec 2017, 02:24

The browser we are using is Google Chrome Version 62.0.3202.94.

The first error is coming in generated project.nocache.js

Steps to Reproduce:
1. Create a simple server-client project serving HTTP request response.
2. The response should return an HTML page which has a link to generated project.nocache.js.
3. In the above HTTP response add a header for CSP and declare it as mentioned below
Content-Security-Policy: script-src 'self' 4. When a request is sent to the project and the response is loaded into the browser, open the Chrome browser's developer tool and view the JS errors as mentioned in the screenshot.

Thanks,
Sidharth

**Isomorphic** · 4 Dec 2017, 08:40

project.nocache.js is the JavaScript GWT generates from your application code.

Let us know if you find an issue with the SmartGWT framework.

Announcement

Adding content-security-policy header is giving JS errors

Comment

Comment

Comment