Alpine CSP Expression Error

Question

Alpine CSP Expression Error

dest4590 opened this issue a month ago · comments

I have an error when visiting the admin, I always have these windows open:

And I can not close them in any way, and in the console writes this:

alpine.js:1 Alpine Expression Error: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'". 
Expression: "{ sidebarMobileOpen: false, sidebarDesktopOpen: true }"

I tried to find an issue like this, but I couldn't find it, they say that the problem is in cloudflare, I tried to turn off all optimization settings, but it didn't help me.

Lukas Vinclav · Answer 1 · Mon Jun 03 2024 15:27:05 GMT+0800 (China Standard Time)

Are you using django-csp?

Purpl3 · Answer 2 · Mon Jun 03 2024 15:31:37 GMT+0800 (China Standard Time)

Are you using django-csp?

no, just unfold admin, you can check my project at https://github.com/dest4590/CollapseWeb

Purpl3 · Answer 3 · Mon Jun 03 2024 16:32:59 GMT+0800 (China Standard Time)

Are you using django-csp?

Hi, I fixed the error, it turns out that for some reason the admin thinks it is not allowed to use resources, I installed django-csp, and allowed all scripts and so on, and everything works, thanks.

I just added these lines to the settings

CSP_DEFAULT_SRC = ("'self'", "'unsafe-inline'", "'unsafe-eval'", "*")
CSP_IMG_SRC = ("'self'", "'unsafe-inline'", "'unsafe-eval'", "*", "data:")