TransWikia.com

Magento 2.3.5 Content Security Policy CSP for Worker

Magento Asked by Kay Int Veen on November 13, 2021

I was really annoyed by the lack of documentation around the following console errors showing up.

[Report Only] Refused to create a worker from 'blob:https://domain.com/535c516f-8a3a-4d17-b0c0-a207e461f42c' because it violates the following Content Security Policy directive: "worker-src ".

Nowhere I found any information on how to solve it. There is documentation on the content security policy and although its report only its no harm but still irritating.

One Answer

So after some trial and error, I just solved it.

I personally always have a custom baseconfig module in app/code/ so for example /app/code/sitename/baseconfig where i force set certain settings in core_config. so ideal for this kind of stuff. in the etc folder of that module, I added a file called csp_whitelist.xml which is also very clearly documented on Magento devdocs: https://devdocs.magento.com/guides/v2.3/extension-dev-guide/security/content-security-policies.html

In that file i added the following

<?xml version="1.0"?>
<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp/etc/csp_whitelist.xsd">
    <policies>
        <policy id="worker-src">
            <values>
                <value id="worker-blob" type="host">blob:</value>
            </values>
        </policy>
    </policies>
</csp_whitelist>

Answered by Kay Int Veen on November 13, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP