meteor-mocha icon indicating copy to clipboard operation
meteor-mocha copied to clipboard

Published 20 hours ago verified publisher icon Meteor-Community-Packages

CSS missing during client side tests due to brower-policy

Open Floriferous opened this issue 3 years ago • 1 comments

I just started noticing that the CSS from mochajs started missing during our client-side tests.

The issue appears to be that the CSS now comes from cdn.jsdelivr.net, maybe they changed it?

Refused to load the stylesheet 'https://cdn.jsdelivr.net/gh/mochajs/[email protected]/mocha.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' https://cdn.rawgit.com". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.

Adding this to server.js fixes the issue for us:

if (Package['browser-policy-common'] && Package['browser-policy-content']) {
  const { BrowserPolicy } = Package['browser-policy-common'];

  // Allow the remote mocha.css file to be inserted, in case any CSP stuff
  // exists for the domain.
  BrowserPolicy.content.allowInlineStyles();
  BrowserPolicy.content.allowStyleOrigin('https://cdn.rawgit.com');
  BrowserPolicy.content.allowStyleOrigin('https://cdn.jsdelivr.net/gh/mochajs'); // NEW: might as well be specific
}

Floriferous avatar Oct 22 '21 13:10 Floriferous

That only worked on us if we add the code to a server/security.tests.js file, otherwise it wasn't loading.

santiagopuentep avatar Oct 05 '22 23:10 santiagopuentep