How to handle `unsafe-eval` using bitbucket static sites

jdahlke October 2, 2020

I coded a static page using Gatsby and deployed it. :80 is no problem; also, when I hosted it on a GitHub static page, the console didn't spam errors. For each <GatsbyImage/> I am using in my project, I get this Chrome console error on my static page.

[Report Only] Refused to connect to '<URL>' because it violates the following Content Security Policy directive:
"connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net analytics.atlassian.com as.atlassian.com
api-private.stg.atlassian.com api-private.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io
xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net sentry.io bqlf8qjztdtr.statuspage.io <URL>".

Can someone point me to how to 1. understand the problem and 2. handle it properly to avoid all these console errors? I hate errors in live projects ;-)

1 answer

0 votes
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 5, 2020

Hello,

Could you perhaps give us the URL of the Bitbucket static website that shows these errors so we can take a look?

Kind regards,
Theodora

jdahlke October 5, 2020

Hello,

Please remove the URL later so it will not be shown, since this is still in development.

The URL is: <URL-removed>

I might be able to solve it with this approach, following these thoughts https://blog.vcarl.com/securing-gatsby-csp/, using this npm package, but I did not find time to evaluate this approach yet.

https://www.npmjs.com/package/gatsby-plugin-csp

Theodora Boudale
Atlassian Team
October 5, 2020

Thank you, I have taken note of the URL and removed it from your post. I'll be taking a look into this issue.

Are there any images in that website that are not being displayed? Or only the console errors?

jdahlke October 5, 2020

Strangely enough, all images are getting loaded. As I mentioned above, I had the site at github.pages before, where no CSP errors occurred.

So to answer your question: yes, all images are loaded.

While my dev build contains only dev warnings produced by eslint and webpack, I cannot confirm other errors than those you can see here:

unsafe_eval.PNG

Also: my English is mediocre.

jdahlke October 5, 2020

And when I dig deeper, it looks more like an open gatsby.js issue, as one can read here https://github.com/gatsbyjs/gatsby/issues/10890

Theodora Boudale
Atlassian Team
October 23, 2020

Hi @jdahlke,

I spoke with one of the developers regarding this. These errors in the console are for reporting purposes only for our engineering team; they should appear on every Bitbucket page at the moment. They don't represent anything breaking and I'm afraid that they cannot be avoided.

Kind regards,
Theodora

jdahlke October 27, 2020

Ok, thank you for replying. Just in case you are interested: I initially was at GitHub Pages, where those kinds of errors did not occur. I think we can close here.
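The difference between a reported and a blocked request that this thread turns on, as an added example that is not part of any post above and is not Bitbucket's or Gatsby's code: a simplified check showing that a request outside `connect-src` is a violation under both header types but is blocked only by an enforcing `Content-Security-Policy` header, not by `Content-Security-Policy-Report-Only`. The policy is a shortened copy of the one in the console message, the request URL is constructed, and the function names are hypothetical; only host matching is modelled.

```javascript
// Added example: simplified CSP check. Only host matching is modelled;
// scheme, port, path and keyword sources ('self', 'none') are ignored.

// Parse "name src src; name src" into Map(name -> [sources]).
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored; the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Does a host-source such as "*.bitbucket.org" cover this host?
function hostMatches(source, host) {
  // Reduce "https://api.example.com:443/x" to "api.example.com".
  const s = source.toLowerCase().replace(/^[a-z][a-z0-9+.-]*:\/\//, "").split(/[/:]/)[0];
  if (s === "*") return true;
  // "*.a.com" covers "x.a.com" but not "a.com" itself.
  if (s.startsWith("*.")) return host.endsWith(s.slice(1));
  return s === host;
}

// mode is "enforce" (Content-Security-Policy header) or
// "report-only" (Content-Security-Policy-Report-Only header).
function evaluateConnect(policy, mode, url) {
  const directives = parsePolicy(policy);
  const sources = directives.get("connect-src") ?? directives.get("default-src");
  if (sources === undefined) return { violation: false, blocked: false };
  const host = new URL(url).hostname.toLowerCase();
  const allowed = sources
    .filter((src) => !src.startsWith("'"))
    .some((src) => hostMatches(src, host));
  // Report-only policies log and report the violation but never block.
  return { violation: !allowed, blocked: !allowed && mode === "enforce" };
}

// Shortened copy of the policy from the console message in the question.
const POLICY = "connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net sentry.io";
// Constructed URL standing in for the redacted '<URL>' in the message.
const REQUEST = "https://images.example.test/photo.jpg";

console.log(evaluateConnect(POLICY, "report-only", REQUEST)); // { violation: true, blocked: false }
console.log(evaluateConnect(POLICY, "enforce", REQUEST));     // { violation: true, blocked: true }
```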
