Dealing With Ember Content Security Policy Errors

ember

If you build Ember.js applications and have been keeping your ember-cli installation up to date, you will have run into or will soon run into Ember’s content-security-policy feature. You will likely have run into it if you start seeing errors in your javascript console to the effect of

1
Refused to load the script 'script' because it violates the following Content Security Policy Directive:

Content Security Policy is a really powerful way to help keep your users safe. It is also has a tiny bit of a learning curve, and is totally unnecessary for early-stage applications that are just being shown to friends and family.

Unfortunately, I know of no way to ‘whitelist all’ when working wiht content-security-policy. The only way to get the approximate effect of a ‘whitelist all’ command is to remove the ember-cli-content-security-policy package from your application’s package.json, and re-run npm install. This will remove the content-security-policy checking from your application - don’t forget to re-start ember serve!

Get Notified of New Posts

* indicates required