[DAEMON-339] Redirect to webpack UI no longer works
| GitHub Issue | n/a |
|---|---|
| Type | Bug |
| Priority | None |
| Status | Resolved |
| Resolution | Fixed |
| Resolution Date | 2021-01-26T18:33:08.000+0000 |
| Affected Version/s | Appc Daemon 4.0.0 |
| Fix Version/s | Appc Daemon 4.0.1 |
| Components | appcd-http |
| Labels | n/a |
| Reporter | Ewan Harris |
| Assignee | Chris Barber |
| Created | 2021-01-26T13:03:22.000+0000 |
| Updated | 2021-01-26T18:33:08.000+0000 |
Description
When the webpack plugin starts up it logs
http://127.0.0.1:1732/webpack/latest/web which is ultimately just a redirect to http://localhost:8084/webpack/, in daemon 3.2.0 this worked just fine. But in daemon 4.0.0 the redirect doesn't occur and Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-rbDz5zKbrDcvUjvzY4CUJr/ihRIJa3MRNe6JClpt9Jc='), or a nonce ('nonce-...') is required to enable inline execution is logged in the console
This is down to the koa-helmet 5 -> 6 update which includes the helmet 3 -> 4 update. Helmet 4 enabled CSP by default https://github.com/helmetjs/helmet/wiki/Helmet-4-upgrade-guide, it either needs disabling completely by passing
{contentSecurityPolicy: false}to koa-helmet, or by setting the CSP to be validPR: https://github.com/appcelerator/appc-daemon/pull/522