Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to handle `unsafe-eval` using bitbucket static sites Edited

I coded a static page using gatsby and deployed it. :80 is no problem, also when i hosted it on a github static page the console didnt spammed errors. For each <GatsbyImage/> i am using in my project, i get this chrome-console-error on my static page.

[Report Only] Refused to connect to '<URL>' because it violates the following Content Security Policy directive:
"connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net analytics.atlassian.com as.atlassian.com
api-private.stg.atlassian.com api-private.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io
xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net sentry.io bqlf8qjztdtr.statuspage.io <URL>".

Can someone point me to 1. understand the problem 2. handle it properly to avoid all this console errors. i hate errors in live projects ;-)

1 answer

0 votes

Hello,

Could you perhaps give us the URL of the Bitbucket static website that shows these errors so we can take a look?

Kind regards,
Theodora

Hello,

 

please remove the URL later, so it will not be show, since this is still in development.

The URL is: <URL-removed>

 

I might be able to solve it with this approach follwing this thoughts https://blog.vcarl.com/securing-gatsby-csp/, using this npm package, but i did not find time to evaluate this approach, yet.

 

https://www.npmjs.com/package/gatsby-plugin-csp

Thank you, I have taken note of the URL and removed it from your post, I'll be taking a look into this issue. 

Are there any images in that website that are not being displayed? Or only the console errors?

Strangley enough: all Images are getting loaded. As i mentioned above, i had the site at github.pages before, where no CSP errors occured.

So to answer you question: yes, all Images are loded. 

While my dev build contains only dev-warnings produced by from eslint and webpack, i cannot confirm other errors then which you can see here: 

unsafe_eval.PNG

 

Also: my english is mediocre.

And when i dig deeper it looks more like an open gatsby.js issue as one can read here https://github.com/gatsbyjs/gatsby/issues/10890

Hi @jdahlke ,

I spoke with one of the developers regarding this, these errors in the console are for reporting purposes only for our engineering team, they should appear on every Bitbucket page at the moment. They don't represent anything breaking and I'm afraid that they cannot be avoided.

Kind regards,
Theodora

Ok, thank you for replying. Just in case you are interested: i initally have been at githubpages, where those kind of errors did not occur. I think we can close here.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Posted in Bitbucket

Share your use cases: How do you use the Bitbucket-Jira integration? How does it help your team?

Hey everyone, over the past year, we've added several new features to how you can use Bitbucket and Jira together. We'd love to know how you'll are using the integration and how it's helping your tea...

43 views 0 1
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you