The situation is the following, I have been using workbox to precache files. It works locally, but when I upload my changes to an actual web page. I get the following error:
workbox-sw.js:1 Refused to load the script https://storage.googleapis.com/workbox-cdn/releases/6.0.2/workbox-routing.prod.js because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://api.paguetodo.com https://static.paguetodo.com.
Note that 'script-src-elem' was not explicitly set, so 'default-src' is used as a fallback
So what I have been trying to do is using local Workbox files instead of CDN. When I perform the commands everything seems fine and the files are added to my project, but when I try to import them like this in my service worker file:
importScripts('workbox-v6.0.0/workbox-sw.js');
workbox.setConfig({
modulePathPrefix: 'workbox-v6.0.0/'
});
I get the following error in the browser:
Strategy.js:143 Uncaught (in promise) TypeError: this.q is not a function
at w.v (Strategy.js:143)
Related
I use for dev http protocol and load script like module ->
<script defer type="module" src="App.js"></script>
For some reason for https i need to build it with browserify and esmify to make it work. [not important i already ask Q about this]
In that case i use load script like text/javascript
<script defer src="../../builds/slot.js"></script>
This all works fine if i have app.js in root folder.
Why i can't fix Uncaught TypeError: Failed to resolve module specifier "*******". Relative references must start with either "/", "./", or "../". when my App.js is not in root dir?
For example my import looks like:
import * as blabla from "./../../node_modules/blabla/index.js";
I have a Jenkins server that gets regularly automatically rebuilt using the contents of /var/lib/jenkins. After running a Robot test, attempting to access the html file results in the following error;
Opening Robot Framework log failed
Verify that you have JavaScript enabled in your browser.
Make sure you are using a modern enough browser. Firefox 3.5, IE 8, or equivalent is required, newer browsers are recommended.
Check are there messages in your browser's JavaScript error log. Please report the problem if you suspect you have encountered a bug.
I am looking for a fix that is either a) a command line fix which I can add to the bootstrapping of the new server, or b) another solution which will work on my existing server (i.e. not require a new (empty) Jenkins server) and persist when the server is refreshed (i.e. the old server terminated, and a new server with the same /var/lib/jenkins started).
I've tried everything in this thread Error: Opening Robot Framework log failed
The only success I have had is running this line in the Script Console;
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP","sandbox allow-scripts; default-src 'none'; img-src 'self' data: ; style-src 'self' 'unsafe-inline' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ;")
After running this script I am able to access the html file of any new Robot execution. However the change doesn't persist to a new server.
In order to make this success persistent, I have tried adding the following lines when bootstrapping a new server, and while the no error message gets thrown, the properties do not get changed;
crumb=$(curl --user '<user>:<password>' -X GET http://127.0.0.1:8080/crumbIssuer/api/json | jq -r .crumb)
curl --user '<user>:<password>' -H 'Jenkins-Crumb: $crumb' --data-urlencode 'script=System.setProperty("hudson.model.DirectoryBrowserSupport.CSP","sandbox allow-scripts; default-src 'none'; img-src 'self' data: ; style-src 'self' 'unsafe-inline' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ;")' http://127.0.0.1:8080/script
Am I using the /script incorrectly? Is there another way of setting these parameters via the command line?
Thanks for your help.
UPDATE:
I have got one step further: I can now send the command to the script console remotely, and it appears to return the property changes as expected, (i.e. the same changes as if the command is entered manually into the Script Console), BUT the html files fail to open. If the same command is manually entered into the Script Console, the html file opens as expected.
The new commands I am using;
crumb=$(curl --user 'admin:password' -X GET http://127.0.0.1:8080/crumbIssuer/api/json | jq -r .crumb)
echo 'System.setProperty("hudson.model.DirectoryBrowserSupport.CSP","sandbox allow-scripts; default-src 'none'; img-src 'self' data: ; style-src 'self' 'unsafe-inline' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ;")' > script.groovy
curl --user 'admin:password' -H "Jenkins-Crumb: $crumb" --data-urlencode "script=$(<./script.groovy)" http://127.0.0.1:8080/scriptText
Getting the error Error: [$injector:unpr] Unknown provider: IdleProvider in my application when it is deployed to our staging server using dokku but I am not getting it when running it on my local machine. I'm using ng-idle 1.2.1
I've found this question asked a number of times but the cause was always related to the changes made in version 1.0.0 where the service names were changed. The only thing I can think of is that the minification of the code is the problem but as far as I can see the code should be ok but I am not an expert. Any help would be greatly appreciated.
It's written in Coffeescript
configuration = (RestangularProvider, $logProvider, growlProvider, IdleProvider, KeepaliveProvider) ->
.
.
.
return
configuration.$inject = [
'RestangularProvider'
'$logProvider'
'growlProvider'
'IdleProvider'
'KeepaliveProvider'
]
angular
.module 'vssApp.config', [
'restangular'
]
.config configuration
EDIT
While trying to replicate the problem on my local machine I removed the 'ngIdle' module in the modules array below. This resulted in the same behavior so I am assuming that the problem stems from the ngIdle module not being loaded correctly here. I still feel that minification could be causing the problem but, again, I'm not sure why or how to fix it.
modules = [
'ui.router'
'ui.bootstrap'
'ui.select'
'ngAnimate'
'ngMessages'
'ngSanitize'
'ngCookies'
'smart-table'
'angularMoment'
'templates'
'angular-storage'
'angular-growl'
'vssApp.core.auth'
'vssApp.core.loading'
'ngIdle'
'cgPrompt'
'vssApp.filters'
]
runBlock.$inject = [
'$templateCache'
]
angular
.module 'vssApp.core', modules
.run runBlock
EDIT 2
Here's the full output from the error message I'm getting
Error: [$injector:modulerr] Failed to instantiate module vssApp due to:
Error: [$injector:modulerr] Failed to instantiate module vssApp.config due to:
Error: [$injector:unpr] Unknown provider: IdleProvider
http://errors.angularjs.org/1.3.16/$injector/unpr?p0=IdleProvider
at https://SERVER/assets/application-85a5fd382c73380bf2a71b66e581c941.js:3:18814
at https://SERVER/assets/application-85a5fd382c73380bf2a71b66e581c941.js:4:16489
at getService (https://SERVER/assets/application-85a5fd382c73380bf2a71b66e581c941.js:4:14903)
at Object.invoke (https://SERVER/assets/application-85a5fd382c73380bf2a71b66e581c941.js:4:15466)
at runInvokeQueue (https://SERVER/assets/application-85a5fd382c73380bf2a71b66e581c941.js:4:13793)
at https://SERVER/assets/application-85a5fd382c73380bf2a71b66e581c941.js:4:14062
at forEach (https://SERVER/assets/application-85a5fd382c73380bf2a71b66e581c941.js:3:19482)
at loadModules (https://SERVER/assets/application-85a5fd382c73380bf2a71b66e581c941.js:4:13587)
at https://SERVER/assets/application-85a5fd382c73380bf2a71b66e581c941.js:4:13964
at forEach (https://SERVER/assets/application-85a5fd382c73380bf2a71b66e581c941.js:3:19482)
http://errors.angularjs.org/1.3.16/$injector/modulerr?p0=vssApp.config&p1=E…net%2Fassets%2Fapplication-85a5fd382c73380bf2a71b66e581c941.js%3A3%3A19482)
at https://SERVER/assets/application-85a5fd382c73380bf2a71b66e581c941.js:3:18814
at https://SERVER/assets/application-85a5fd382c73380bf2a71b66e581c941.js:4:14406
at forEach (https://SERVER/assets/application-85a5fd382c73380bf2a71b66e581c941.js:3:19482)
at loadModules (https://SERVER/assets/application-85a5fd382c73380bf2a71b66e581c941.js:4:13587)
at https://SERVER/assets/application-85a5fd382c73380bf2a71b66e581c941.js:4:13964
at forEach (https://SERVER/assets/application-85a5fd382c73380bf2a71b66e581c941.js:3:19482)
at loadModules (https://SERVER/assets/application-85a5fd382c73380bf2a71b66e581c941.js:4:13587)
at createInjector (https://SERVER/assets/application-85a5fd382c73380bf2a71b66e581c941.js:4:16844)
at doBootstrap (https://SERVER/assets/application-85a5fd382c73380bf2a71b66e581c941.js:3:28466)
at bootstrap (https://SERVER/assets/application-85a5fd382c73380bf2a71b66e581c941.js:3:28995)
http://errors.angularjs.org/1.3.16/$injector/modulerr?p0=vssApp&p1=Error%3A…net%2Fassets%2Fapplication-85a5fd382c73380bf2a71b66e581c941.js%3A3%3A28995)
A rule of thumb is to load modules dependencies in each place where they are used. This allows to decouple them. And this eliminates race condition with service provider injection.
If the app looks like this
angular.module('vssApp', ['vssApp.config', 'ngIdle', ...])..
angular.module('vssApp.config', ['restangular'])...
service provider for Idle service is not defined at the time when vssApp.config module is loaded.
While this
angular.module('vssApp', ['ngIdle', 'vssApp.config', ...])
angular.module('vssApp.config', ['restangular'])...
avoids race condition but still indicates code smell.
It should be
angular.module('vssApp.config', ['restangular', 'ngIdle'])...
This issue applies to service providers only and config phase. Service instances can be injected for any module order.
Finally found the cause and solution to this, it seems to have been a bower issue.
It's a Rails app, so I specified ng-idle 1.2.1 in the bower.json file but for some reason the bower file was ignored when the app was being deployed using Dokku and the last installed version 0.3.5 remained, which meant that the pre-1.0.0 ng-idle services naming convention was still being used where all service names were preceded with a $. This resulted in the Unknown provider: IdleProvider error because $IdleProvider was the actual service name.
In the end I had to connect to the docker container and remove and reinstall all bower components. Running bower update as part of the deployment was not enough for some reason. When I have more time I will investigate what caused this behavior and I will report here.
I have a Jenkins job which should display the HTML report after the completion of the job, I added the publish HTML reports plugin. But, After the completion of the job if I click on the HTML Report its not showing any content properly. If I open the same index.html manually through some browser its showing the contents. But if I open it via Jenkins its not listing any contents. The generated HTML report has some zip on the top right corner if I download the zip and extract it its showing all the contents required to displayed on the report.
Got the same issue and solved by changing some default Content Security Policy in jenkins:
=> Goto Manage Jenkins -> Script Console- "then write below lines" -> Run
System.clearProperty("hudson.model.DirectoryBrowserSupport.CSP");
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "sandbox allow-scripts; default-src 'self'; script-src * 'unsafe-eval'; img-src *; style-src * 'unsafe-inline'; font-src *");
Open: /etc/sysconfig/jenkins
Find the : JENKINS_JAVA_OPTIONS
Add (with the quotes):
"-Dhudson.model.DirectoryBrowserSupport.CSP=\"default-src *;style-src 'unsafe-inline';script-src 'unsafe-inline';img-src * data: blob: filesystem:\"
Please note that this might pose as a security issue and you should consider reading https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy
Good luck!
I'm trying to report my .html file with HTML publisher plugin in Jenkins
however,since HTML publisher is updated to version 1.10, can't publish HTML.
Error message I'm getting:
Blocked script execution in '{mydomain}' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
Uncaught SecurityError: Failed to read the 'localStorage' property from 'Window': The document is sandboxed and lacks the 'allow-same-origin' flag.
I found this doc:
https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy
It tells about CSP.
I run Jenkins with arg :
/usr/bin/java -Djava.awt.headless=true -Dhudson.model.DirectoryBrowserSupport.CSP=sandbox allow-scripts; style-src 'unsafe-inline' *;script-src 'unsafe-inline' *; -jar /usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080 --ajp13Port=-1
but still got same error above.
what i tried args :
1. -Dhudson.model.DirectoryBrowserSupport.CSP="sandbox; default-src 'self';"
2. -Dhudson.model.DirectoryBrowserSupport.CSP=
3. -Dhudson.model.DirectoryBrowserSupport.CSP="sandbox; default-src *;"
4. -Dhudson.model.DirectoryBrowserSupport.CSP="sandbox allow-scripts; default-src *;"
.html is located in :
{mydomain}/job/{job_name}/Doc/index.html
I faced similar issue I found and applied following solution:
Steps:
Go to the Jenkins Admin page (login as admin).
Go to Manage Jenkins -> Script Console
Then in the script console copy paste following it made it work
Snippet: System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "sandbox allow-scripts; default-src *; style-src * http://* 'unsafe-inline' 'unsafe-eval'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'");
This link provides more details on each of the parameters that we have set in the above code line.
Note for Persistency in jenkins configuration:
#RayKim mentioned this is not a sustainable change. If you want to keep this change permanently then in that case you should set this property values up in the JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Dhudson.remoting.Launcher.pingIntervalSec=0"
After setting this variable you have to restart your Jenkins to load the new configuration.
Can you have a try with a blank CSP option?
/usr/bin/java -Djava.awt.headless=true -Dhudson.model.DirectoryBrowserSupport.CSP= -jar /usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080 --ajp13Port=-1
On my Jenkins instance, it solved my reporting issues.
I know it's not a safe option, but I didn't find another solution :(
For me above didn't work;
I tried this
Manage Jenkins -> Script Console
Copy-paste this
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "")
For permanent solution:
Add the following to JAVA_ARGS under /etc/default/jenkins:
-Dhudson.model.DirectoryBrowserSupport.CSP=""