Getting content security policy error after deploying react/express app

谁说胖子不能爱 提交于 2021-01-29 11:25:23

问题


I deployed a react/express app to heroku and when going to here I get this error 'Refused to load the image 'https://nameless-sands-37753.herokuapp.com/favicon.ico' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.'. Here's what I tried:

  • Added this to manifest.json: "content_security_policy": "default-src 'self' https://nameless-sands-37753.herokuapp.com/"
  • Added this to my server.js
if (process.env.NODE_ENV === "production") {
  app.use("/voleo/", express.static("client/build"));
  app.use(helmet.contentSecurityPolicy({
    directives: {
      defaultSrc: ["'self'"],
      styleSrc: ["'self'"],
      imgSrc: ["'self"]
    }
  }))

  app.get("*", (req, res) => {
    res.sendfile(path.resolve(__dirname, "client", "build", "index.html"));
  });
}
  • Removed the faveicon.ico
  • Added this tag: <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' https://* 'unsafe-inline'; script-src 'self' https://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://*" />

    Still not sure what I'm doing wrong. Advice much appreciated.


回答1:


I had the same problem and it had to do with path.resolve. I added this at the top of the file:

const path = require('path')

and it worked after that.




回答2:


The more general answer to the problem would be to check heroku logs in terminal as follows:

heroku logs -n 500 

(choose the number of lines to log) OR

heroku logs --tail 

(for live logs, but I found the 1st command to be more effective)

In there you will see the exact error that prevents the app from properly rendering.



来源:https://stackoverflow.com/questions/56822165/getting-content-security-policy-error-after-deploying-react-express-app

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!