-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Auto-configure app CSP for configured Live Preview URL #18765
Comments
As a workaround for now you can allow domains to be loaded by explicitly setting it in the CSP configuration.
|
@br41nslug What's the proposed improvement here? Is the problem that third party scripts used in the |
I think the only real solution is to implement #17794 (comment) not sure why we not ended up doing that in the end. The Most should be seeing an error like |
Copy that! I'll update the OP to make that clear 🙂 |
Thanks for the help, got it working! 🎉 I also think auto-configuring the CSP would be great 👍 |
How can what configure CSP configs in directus cloud standard? |
For external websites that have their own CSP disallowing embedding, can we please have a checkbox for "Open preview URL in new window" ? |
Describe the Bug
Hi there, thanks a lot for the great work on Directus! 💜
I wanted to try out the new live preview feature but somehow couldn't get it to work with any website I tried to embed. The iframe stayed blank, and in the Javascript console I got an error that says: Content Security Policy:
The page’s settings blocked the loading of a resource at inline (“script-src”).
Is there some setting that needs to be adjusted on the preview website that I'm missing? First I was testing it with our own website, and then proceeded to test it with things like YouTube embeds. All showed the same behavior :/
To Reproduce
Set any website as the preview URL for a collection, and then view an item from that collection with live preview turned on.
Directus Version
v10.2.1
Hosting Strategy
Self-Hosted (Docker Image)
The text was updated successfully, but these errors were encountered: