Bug #100558
Content Security Policy: asset 'livereload' is blocked
Status: closed
Start date: 2023-04-12
% Done: 100%
TYPO3 Version: 12
PHP Version: 8.1
Tags: csp livereload
Description
Hi,
using this nice feature currently blocks using the CSS and JS Livereload feature during local development.
livereload.js:76 Refused to connect to 'wss://mysite.ddev.site:35729/livereload' because it violates the following Content Security Policy directive: "connect-src 'self' data: *.cookiebot.com *.google-analytics.com".
When allowing the WebSocket "wss:" in the scp.yaml file:
    mutations:
      - mode: set
        directive: 'connect-src'
        sources:
          - "'self'"
          - 'data:'
          - '*.cookiebot.com'
          - '*.google-analytics.com'
          - 'wss:'
This error occurs:
(1/1) #1677261214 InvalidArgumentException Could not convert source item "wss:" in /var/www/html/vendor/typo3/cms-core/Classes/Security/ContentSecurityPolicy/ModelService.php line 68
I think this could be fixed the simple way by adding a new ENUM to \TYPO3\CMS\Core\Security\ContentSecurityPolicy\SourceScheme.php
case wss = 'wss';
But I don't know if this is a clean solution.
Maybe someone with deeper CSP insights can help here.
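
Why the exact source added to connect-src matters, as an added example that is not part of the original report or of TYPO3: a simplified JavaScript model of browser source matching, run against the policy quoted above. The page URL and the third-party endpoint are constructed values, and the host-source `wss://mysite.ddev.site:35729` is an assumed alternative; whether TYPO3's parser accepts it is not shown on this page.

```javascript
// Added example: simplified model of connect-src source matching in a browser.
// Handles 'self', scheme-sources and host-sources only; paths are ignored.
const DEFAULT_PORT = { 'http:': '80', 'ws:': '80', 'https:': '443', 'wss:': '443' };
const portOf = (u) => u.port || DEFAULT_PORT[u.protocol] || '';

function matchesSource(source, url, self) {
  if (source === "'self'") {
    // Same origin, or same host and port reached over https:/wss: (ws: from an http: page).
    const schemeOk = ['https:', 'wss:'].includes(url.protocol) ||
      (self.protocol === 'http:' && url.protocol === 'ws:');
    return url.origin === self.origin ||
      (url.hostname === self.hostname && portOf(url) === portOf(self) && schemeOk);
  }
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) {
    // A scheme-source such as 'wss:' or 'data:' matches every URL with that scheme.
    return url.protocol === source.toLowerCase();
  }
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:\/*]+)(?::(\d+|\*))?$/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  // Simplification: a schemeless host-source is compared with the page's own scheme.
  const wantScheme = scheme ? scheme.toLowerCase() + ':' : self.protocol;
  if (url.protocol !== wantScheme) return false;
  const hostOk = wildcard ? url.hostname.endsWith('.' + host.toLowerCase())
    : url.hostname === host.toLowerCase();
  // Without an explicit port, only the scheme's default port matches.
  const portOk = port === '*' || portOf(url) === (port || DEFAULT_PORT[url.protocol]);
  return hostOk && portOk;
}

function connectAllowed(sources, target, page) {
  const url = new URL(target), self = new URL(page);
  return sources.some((s) => matchesSource(s, url, self));
}

// Policy from the report; PAGE and THIRD_PARTY are constructed for this demo.
const PAGE = 'https://mysite.ddev.site/';
const LIVERELOAD = 'wss://mysite.ddev.site:35729/livereload';
const THIRD_PARTY = 'wss://collector.example.net/socket';
const base = ["'self'", 'data:', '*.cookiebot.com', '*.google-analytics.com'];
const withScheme = [...base, 'wss:'];                        // mutation from the report
const withHost = [...base, 'wss://mysite.ddev.site:35729'];  // assumed narrower alternative

for (const [name, p] of [['base', base], ['wss:', withScheme], ['host', withHost]]) {
  console.log(name, connectAllowed(p, LIVERELOAD, PAGE), connectAllowed(p, THIRD_PARTY, PAGE));
}
```

In this model `'self'` does not cover the livereload socket because the port differs from the page's, and the scheme-wide `wss:` source also admits WebSocket connections to any other host.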