Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSP violation in marketplace #12886

Closed
atouchsh opened this issue Mar 19, 2022 · 7 comments
Closed

CSP violation in marketplace #12886

atouchsh opened this issue Mar 19, 2022 · 7 comments
Assignees
@markkaylor
Labels
source: marketplace Source is admin in-app marketplace

Comments

@atouchsh
Copy link

Bug report

Describe the bug

Plugins images are not loading in market place due to CSP violation

Screenshots

Drag Racing

System

  • Node.js version: 14.17.6
  • NPM version: 6.14.15
  • Strapi version: 4.1.5
@markkaylor
Copy link
Contributor

Hi @atouchsimo could you try clearing the .cache folder in you Strapi application and then rebuilding the admin panel. Could you also clear your browser cache?

@markkaylor markkaylor self-assigned this Mar 21, 2022
@markkaylor markkaylor added the source: marketplace Source is admin in-app marketplace label Mar 21, 2022
@atouchsh
Copy link
Author

@markkaylor yeap it was a cache issue, they are loading now 👍🏻

@markkaylor markkaylor mentioned this issue Mar 21, 2022
Closed
@christher-lenander
Copy link

Clearing the Cache folder didn't work for me. I use the strapi-provider-upload-dos for digital ocean.

@markkaylor
Copy link
Contributor

@ChristherLenander do you have an error in the console you could share? Did you also clear your browser cache?

@christher-lenander
Copy link

christher-lenander commented Mar 22, 2022
edited
Loading

image

Yes I cleard both Strapi cache and browser cache. Did yarn build after that.
I also have tested in chrome incognito mode with the same result.

@seeforcat
Copy link

Add dl.airtable.com to CSP Directive in /config/middlewares.js

module.exports = [
  "strapi::errors",
  "strapi::cors",
  "strapi::poweredBy",
  "strapi::logger",
  "strapi::query",
  "strapi::body",
  "strapi::session",
  "strapi::favicon",
  "strapi::public",
  {
    name: "strapi::security",
    config: {
      contentSecurityPolicy: {
        useDefaults: true,
        directives: {
          "connect-src": ["'self'", "https:"],
          "img-src": [
            "'self'",
            "data:",
            "blob:",
            "storage.googleapis.com",
            "dl.airtable.com",
          ],
          "media-src": [
            "'self'",
            "data:",
            "blob:",
            "storage.googleapis.com",
            "dl.airtable.com",
          ],
          upgradeInsecureRequests: null,
        },
      },
    },
  },
];

@strapi-bot
Copy link

This issue has been mentioned on Strapi Community Forum. There might be relevant details there:

https://forum.strapi.io/t/strapi-v4-broken-image-blob-dl-airtable-com/17941/10

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@markkaylor markkaylor

Labels
source: marketplace Source is admin in-app marketplace
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@atouchsh @markkaylor @christher-lenander @seeforcat @strapi-bot