I am getting such messages:
```
Refused to load the script 'https://xyz.bitbucket.io/webpack_dist/dir_tree-bundle.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://d301sr5gafysq2.cloudfront.net". 'strict-dynamic' is present, so host-based allowlisting is disabled. Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
```
when opening https://xyz.bitbucket.io/ .
This contradicts https://support.atlassian.com/bitbucket-cloud/docs/publishing-a-website-on-bitbucket-cloud/ , which clearly says this is supported: "Inclusion of JavaScript in your HTML pages."
This looks like a bug. Can someone please also point me to the site to report bugs (irrespective of this issue)?
PS: I've seen the response to https://community.atlassian.com/t5/Bitbucket-questions/How-do-I-use-javascript-in-my-Bitbucket-Pages-website/qaq-p/1180088 as well.
Thanks for reaching out to the community.
As per my testing, I do receive the same error message in my Chrome browser console logs while loading my static website.
[Report Only] Refused to load the script 'https://test.bitbucket.io/some.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://d301sr5gafysq2.cloudfront.net". 'strict-dynamic' is present, so host-based allowlisting is disabled. Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
However, the javascript file is working fine on my static website.
Would it be possible for you to confirm if your javascript file is also working fine on your end?
Also, you can report a bug through this link: https://jira.atlassian.com/projects/BCLOUD/summary
Make sure you're logged in to jira.atlassian.com first using your Atlassian account
Regards,
Mark C
Thank you - despite the messages, the js code is indeed working. However, these confusing messages must go.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you for the confirmation.
I'll check this with our internal team and will get back to you.
Regards,
Mark C
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @vishvAs vAsuki
Apologies for the late response here.
I just got a response from our internal team.
As the browser console log error refers to your JS script, you can fix this by adjusting your code since this is something you can control as a static website.
Here are some of the links that might help to fix this on your end:
How to fix 'because it violates the following content security policy directive'
Google | Content Security Policy
Let me know if you have further questions.
Regards,
Mark C
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.