I'm using http-mock with Ember CLI as suggested on http://www.ember-cli.com/#ember-data. I understand the basic concept of CSP but I don't understand the configuration of it within an Ember CLI application.
How can I configure my application to either accept requests to localhost:4200/api/ to avoid this during development:
Content Security Policy violation: {
"csp-report": {
"document-uri":"http://localhost:4200/products",
"referrer":"",
"violated-directive":"style-src 'self'",
"effective-directive":"style-src",
"original-policy":"default-src 'none'; script-src 'self' 'unsafe-eval' localhost:35729 0.0.0.0:35729; font-src 'self'; connect-src 'self' ws://localhost:35729 ws://0.0.0.0:35729 http://0.0.0.0:4200/csp-report; img-src 'self'; style-src 'self'; media-src 'self'; report-uri http://0.0.0.0:4200/csp-report;",
"blocked-uri":"",
"source-file":"chrome-extension://alelhddbbhepgpmgidjdcjakblofbmce",
"line-number":1,"column-number":20481,"status-code":200
}
}
You can adjust your content security policy by editing
config/environment.js. I believe in your case, theconnect-srcis relevant to the error being thrown (edit: looks likestyle-srcis being violated, possibly by Chrome Extension Awesome Screenshot). Adding*will allow it to connect to anything.Or more specifically, you could add:
Furthermore, if you only wanted to add this to your dev environment, put it in:
More information available about CSP in
ember-cli: https://www.npmjs.com/package/ember-cli-content-security-policy.More information about CSP in general: http://content-security-policy.com/