Serving Static Files, Issue with Content Security Policy

Dennis Yurkevich

Jun 26, 2018, 12:33:05 PM
to Google App Engine
Hello All,

I am serving static files from my app (for now) using express.

When app engine sends the response it attaches the following header:

content-security-policy: default-src 'self' frame-ancestors 'self' https://console.cloud.google.com https://*.corp.google.com:* http://*.corp.google.com:*

Which causes the following error:

The Content Security Policy directive 'default-src' contains 'frame-ancestors' as a source expression. Did you mean 'default-src ...; frame-ancestors...' (note the semicolon)?

I have no idea how to amend this header unless I start playing with the Nginx config, which means I may as well revert to using Compute Engine.

Can anyone provide any ideas on how I can solve this?

Stack: node, express, webpack4, vuejs.
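
The browser warning quoted in the post above can be reproduced offline. The following is an added example, not part of the original post and not App Engine or Express code: a small linter that flags a CSP directive name sitting inside another directive's source list and proposes the semicolon the browser hints at. The function names are hypothetical, and the sample value is the header copied from the post.

```javascript
// Added example: lint a Content-Security-Policy value for directive names
// that were swallowed into another directive's source list (missing ';').
const DIRECTIVES = new Set([
  'default-src', 'script-src', 'style-src', 'img-src', 'connect-src',
  'font-src', 'object-src', 'media-src', 'frame-src', 'child-src',
  'worker-src', 'manifest-src', 'base-uri', 'form-action',
  'frame-ancestors', 'sandbox', 'report-uri', 'report-to',
  'upgrade-insecure-requests',
]);

// Split on ';' into directives, then on whitespace into name + sources.
function parseCsp(value) {
  return value.split(';')
    .map((part) => part.trim().split(/\s+/).filter(Boolean))
    .filter((tokens) => tokens.length > 0)
    .map(([name, ...sources]) => ({ name: name.toLowerCase(), sources }));
}

// Report every source expression that is really a directive name.
function findSwallowedDirectives(value) {
  const findings = [];
  for (const { name, sources } of parseCsp(value)) {
    sources.forEach((src, index) => {
      if (DIRECTIVES.has(src.toLowerCase())) {
        findings.push({ directive: name, swallowed: src.toLowerCase(), index });
      }
    });
  }
  return findings;
}

// Candidate repair: start a new directive at each swallowed name.
// This guesses the author's intent, so review the result before using it.
function suggestFix(value) {
  return parseCsp(value)
    .map(({ name, sources }) =>
      [name, ...sources.map((s) => (DIRECTIVES.has(s.toLowerCase()) ? `; ${s}` : s))]
        .join(' ').replace(/ ; /g, '; '))
    .join('; ');
}

// Header value as quoted in the post.
const HEADER = "default-src 'self' frame-ancestors 'self' " +
  'https://console.cloud.google.com https://*.corp.google.com:* http://*.corp.google.com:*';

console.log(findSwallowedDirectives(HEADER));
console.log(suggestFix(HEADER));
```

Until the separator is present, the browser treats everything after `default-src` as its source list, so no `frame-ancestors` directive is in effect.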


Kenworth (Google Cloud Platform)

Jun 27, 2018, 6:15:04 PM
to Google App Engine

It seems you also rightfully posted this issue to StackOverflow on tags we monitor, and provided your solution. For users experiencing the same issue, please follow the thread below:

https://stackoverflow.com/questions/51040045/google-app-engine-content-security-policy-issues


Dennis Yurkevich

Jun 28, 2018, 9:12:27 AM
to google-a...@googlegroups.com
Hello Kenworth,

I do not think the solution is a good one. It is a workaround. 

At the very least we need to have documentation explaining any additional headers being set in the dev environment.

In an ideal scenario they should not be there.


On Wed, 27 Jun 2018 at 23:15, 'Kenworth (Google Cloud Platform)' via Google App Engine <google-a...@googlegroups.com> wrote:

It seems you also rightfully posted this issue to StackOverflow on tags we monitor, and provided your solution. For users experiencing the same issue, please follow the thread below:

https://stackoverflow.com/questions/51040045/google-app-engine-content-security-policy-issues



Kenworth (Google Cloud Platform)

Jun 29, 2018, 11:08:42 AM
to Google App Engine
This thread is off-topic for Groups, which is reserved for general discussion of GCP products and services, not for troubleshooting and/or reporting issues. If you suspect this is a defect on the platform, you have the option to file an issue in the issue tracker via the channels detailed here.

In the meantime, I suggest you provide the answers my colleagues are asking for on the StackOverflow thread, like how you are implementing Express (and the headers), so we may be able to take a further look at the issue at hand.