
CSP violation in AsyncApi React component

Open ShelMatt opened this issue 11 months ago • 3 comments

Description

I'm trying to use AsyncApiComponent in React to display the AsyncAPI documentation in a web page. But I'm getting an error in the console which says `Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".` I tried to troubleshoot the issue. I found somewhere in ajv the code is calling `new Function`.

Expected result

The AsyncAPI should be displayed.

Actual result

`Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".`

Steps to reproduce


Troubleshooting

I tried to understand the base of this issue. I found somewhere in ajv the code is calling `new Function`.

```js
try {
  var makeValidate = new Function(
    'self',
    'RULES',
    'formats',
    'root',
    'refVal',
    'defaults',
    'customRules',
    'equal',
    'ucs2length',
    'ValidationError',
    sourceCode
  );
```

ShelMatt, Jul 20 '23 09:07
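
The report above comes down to two checks: does the page's policy forbid string-to-code evaluation, and does the shipped bundle contain such a call? The sketch below is an added example, not code from the issue, asyncapi-react, or ajv. The helper names `parseCsp`, `blocksEval` and `findEvalSinks` are hypothetical, and the sample bundle is constructed.

```javascript
// Added example: predicts whether a CSP blocks string-to-code sinks such as
// ajv's `new Function(...)`, and finds those sinks in a bundle's text.

// Parse a CSP header value into a Map of directive name -> array of sources.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Per the CSP spec, a repeated directive is ignored; the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// eval() and new Function() are governed by script-src, falling back to
// default-src. With neither directive present, CSP does not restrict them.
function blocksEval(policy) {
  const d = parseCsp(policy);
  const sources = d.get('script-src') ?? d.get('default-src');
  if (sources === undefined) return false;
  // 'wasm-unsafe-eval' only permits WebAssembly compilation, not JS eval.
  return !sources.some((s) => s.toLowerCase() === "'unsafe-eval'");
}

// Report line numbers of string-to-code sinks in JavaScript source text.
// A regex heuristic: it can miss aliased calls and can match inside strings.
function findEvalSinks(source) {
  const sink = /\bnew\s+Function\s*\(|\beval\s*\(/;
  return source
    .split('\n')
    .map((text, i) => ({ line: i + 1, text: text.trim() }))
    .filter(({ text }) => sink.test(text));
}

// Policy quoted in the issue's error message.
const ISSUE_POLICY = "script-src 'self' 'unsafe-inline'";

// Constructed sample shaped like the ajv excerpt in the issue.
const SAMPLE_BUNDLE = [
  'function compile(sourceCode) {',
  "  var makeValidate = new Function('self', 'RULES', sourceCode);",
  '  return makeValidate;',
  '}',
].join('\n');

console.log(blocksEval(ISSUE_POLICY), findEvalSinks(SAMPLE_BUNDLE));
```

Running `findEvalSinks` over a built bundle in CI flags dependencies that will throw `EvalError` under a policy for which `blocksEval` returns true, before the page reaches a browser.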

Welcome to AsyncAPI. Thanks a lot for reporting your first issue. Please check out our contributors guide and the instructions about a basic recommended setup useful for opening a pull request.
Keep in mind there are also other channels you can use to interact with the AsyncAPI community. For more details check out this issue.

github-actions[bot], Jul 20 '23 09:07

@ShelMatt do you mind sharing how I can reproduce this error?

AceTheCreator, Aug 11 '23 17:08

This issue has been automatically marked as stale because it has not had recent activity :sleeping:

It will be closed in 120 days if no further activity occurs. To unstale this issue, add a comment with a detailed explanation.

There can be many reasons why some specific issue has no activity. The most probable cause is lack of time, not lack of interest. AsyncAPI Initiative is a Linux Foundation project not owned by a single for-profit company. It is a community-driven initiative ruled under an open governance model.

Let us figure out together how to push this issue forward. Connect with us through one of many communication channels we established here.

Thank you for your patience :heart:

github-actions[bot], Dec 10 '23 00:12