Content Security Policyerrors after platform server upgraded to 10.0.405.0

Content Security Policyerrors after platform server upgraded to 10.0.405.0

  

Hi,

After our platform server was upgraded to 10.0.405.0, I started getting CSP errors on my application.

It took me a while to realize what was causing it: the new version automatically switched CSP on.

Now I'm trying to fix the errors. From reading a few articles I found online, it seems I have to "whitelist" the script sources by adding them to the "script-src" directive.

I went to LifeTime and tried to add the addresses, but the field length of the textarea is too short.

Is there any other way to get around this?

The problem is created by loading google maps' places library. I created a module similar to the forge "Google Maps Mobile".

Kind regards,

CJ


Hello CJ


In fact the limit is 300 characters in the database. Can you tell me the values you're trying to insert in there, maybe without any private information :)


Cheers

Hi Pedro,

Thanks for your response!

The limiting factor is the "textarea" field on the form in LifeTime. It only allows 50 chars.

Kind regards,

CJ


:| Lame

So, 300 it's ok, but you're limited by the 50?

Yes, I think 300 is more than enough.

Can you configure CSP per application, or is it only enviroment-wide?

Solution

Well. That hard limit in the textareas is fixed, but it will take a while to get out in to General Availability. I'm sorry for the trouble. 


As for available configurations, you can set it per environment, and that configuration is inherited by all apps, but you can set it in the apps also, and that will override the environment ones.


You said before that CSP was on after the upgrade. Is it possible that someone turned it on for the environment?

Solution

I don't think anyone on our team enabled it. It was as soon as our service was up after the upgrade (10.0.105.0 to 10.0.405.0) that I continued working and the errors started.

But nonetheless, until there is a new update to allow more chars, I'll override my application's script-src to "*". Luckily I'm still in development phase.


Thank you CJ! Again, sorry for all the trouble!