Fresh Nuxt3 installation throws Content Security Policy error
I have a fresh nuxt3 installation, nothing modified. But when i run "yarn run dev" on server and open the site in browser i got some errors:
Refused to load the script '
../nuxt/dist/app/entry.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
I then add the "nuxt-security" module, configure it but this doesnt work as well.
Could maybe someone give me a hint how to configure csp for nuxt3? Or why this isnt working out of the box?
PS: When i run yarn run dev on local machine i can open the site without errors. But if i depoloy it on the server and run there the command, view the page in browser there are the errors.
Thanks for helping7 Replies
no ideas? I couldnt believe that i am the only one with this problem. π
I think since it's in server environment it is a bit hard for anyone to be able to help since a reproduction wont be possible. Could you provide some more information about the deployment process? Maybe a step by step how you deploy it, start it and so on. What server environment? What provider?
Thanks for reply. I understand that its a little bit tricky to find out where the issue is.
I have my own server by 1&1 / Ionos. I have node and apache running there. I have domains pointing to the server and have a proxy servervhost conf for the nuxt app.
For testing i try to install a fresh nuxt project on my server. Nothing modified or added from my site. After "yarn install" i run "yarn run dev". And then i look in the frontend and there are appears csp errors in the browser console.
You see, there is nothing special in my config.
Hi! first thing to check, you shouldn't run in dev on server
you shouldn't deploy the dev mode in production π
take a look at the deployment docs, that should solve your issues. dev is only for local environment
https://nuxt.com/docs/getting-started/deployment
Nuxt
Deployment Β· Get Started with Nuxt
Learn how to deploy your Nuxt application to any hosting provider.
Yeah, Thanks for helping. The dev mode was for testing purposes. I had the csp Problems in dev and prod mode. But the Problem was the headers from Apache. I unset the csp headers and then it works. So i trink i have to Look deeper there. But thank you very much.