Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

Recognition

  • Give kudos
  • My kudos

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to handle `unsafe-eval` using bitbucket static sites Edited

I coded a static page using gatsby and deployed it. :80 is no problem, also when i hosted it on a github static page the console didnt spammed errors. For each <GatsbyImage/> i am using in my project, i get this chrome-console-error on my static page.

[Report Only] Refused to connect to '<URL>' because it violates the following Content Security Policy directive:
"connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net analytics.atlassian.com as.atlassian.com
api-private.stg.atlassian.com api-private.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io
xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net sentry.io bqlf8qjztdtr.statuspage.io <URL>".

Can someone point me to 1. understand the problem 2. handle it properly to avoid all this console errors. i hate errors in live projects ;-)

1 answer

0 votes

Hello,

Could you perhaps give us the URL of the Bitbucket static website that shows these errors so we can take a look?

Kind regards,
Theodora

Hello,

 

please remove the URL later, so it will not be show, since this is still in development.

The URL is: <URL-removed>

 

I might be able to solve it with this approach follwing this thoughts https://blog.vcarl.com/securing-gatsby-csp/, using this npm package, but i did not find time to evaluate this approach, yet.

 

https://www.npmjs.com/package/gatsby-plugin-csp

Thank you, I have taken note of the URL and removed it from your post, I'll be taking a look into this issue. 

Are there any images in that website that are not being displayed? Or only the console errors?

Strangley enough: all Images are getting loaded. As i mentioned above, i had the site at github.pages before, where no CSP errors occured.

So to answer you question: yes, all Images are loded. 

While my dev build contains only dev-warnings produced by from eslint and webpack, i cannot confirm other errors then which you can see here: 

unsafe_eval.PNG

 

Also: my english is mediocre.

And when i dig deeper it looks more like an open gatsby.js issue as one can read here https://github.com/gatsbyjs/gatsby/issues/10890

Hi @jdahlke ,

I spoke with one of the developers regarding this, these errors in the console are for reporting purposes only for our engineering team, they should appear on every Bitbucket page at the moment. They don't represent anything breaking and I'm afraid that they cannot be avoided.

Kind regards,
Theodora

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bitbucket

Powering DevOps with Bitbucket Server & Data Center

Hi everyone, The Cloud team recently announced 12 new DevOps features that help developers ship better code, faster   ! While we’re all excited about the new improvements to Bitbucket ...

1,892 views 0 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you