Hi Antonio,
So I now have:
LiftRules.securityRules = () => SecurityRules(content =
Some(ContentSecurityPolicy(scriptSources = List(Self, UnsafeInline,
UnsafeEval), styleSources = List(Self, UnsafeInline))))
But I'm still getting the error shown below. When the page first
loaded, I got a similar error, and none of the usual Comet requests
showed up. I reloaded the page and they showed up in the Firebug
console, but without the eval, the page just doesn't work correctly.
Thanks,
Donald
GET
http://localhost:8080/aoiDev/lift/comet/689688763...0261998994520RACSL=1026199899454&_=1490642571372
200 OK
276ms
jquery-2.1.3.js (line 8625)
ParamsHeadersResponseCookies
try { destroy_F10261998994520RACSL(); } catch (e) {}
try{var updates = [["<input type=\"checkbox\"/>", "test 1",
"Acknowledged", "UNKNOWN", "2017-03-08T19:35:53",
"2017-03-08T19:35:53", "A high priority message was posted on the
bulletin board \u0027tst_monitor\u0027.", "101", "ack", "1"]
]
;
var adds = []
;
logTable.processAddsUpdates(adds, updates);}catch(e){lift.cometOnError(e);}
try { destroy_F10261998994520RACSL = function() {}; } catch (e) {}
lift.updWatch('F10261998994520RACSL', '1026199899499');
Content Security Policy: The page’s settings observed the loading of a
resource at self (“script-src
http://localhost:8080 'unsafe-inline'”).
A CSP report is being sent. Source: call to eval() or related function
blocked by CSP.
call to eval() or related function blocked by CSP
On Mon, Mar 27, 2017 at 2:54 PM, Antonio Salazar Cardozo