Dealing With Ember Content Security Policy Errors


If you build Ember.js applications and have been keeping your ember-cli installation up to date, you will have run into or will soon run into Ember’s content-security-policy feature. You will likely have run into it if you start seeing errors in your javascript console to the effect of

Refused to load the script 'script' because it violates the following Content Security Policy Directive:

Content Security Policy is a really powerful way to help keep your users safe. It is also has a tiny bit of a learning curve, and is totally unnecessary for early-stage applications that are just being shown to friends and family.

Unfortunately, I know of no way to ‘whitelist all’ when working wiht content-security-policy. The only way to get the approximate effect of a ‘whitelist all’ command is to remove the ember-cli-content-security-policy package from your application’s package.json, and re-run npm install. This will remove the content-security-policy checking from your application - don’t forget to re-start ember serve!

I'm looking for better ways to build software businesses. Find out if I find something.