
I'm building an app with cordova/vuetify/firebase right now and my content security policy is giving me some trouble.

Anytime I try to create a new user I see this error:

Refused to connect to 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/signupNewUser?key=...' because it violates the following Content Security Policy directive: "connect-src 'self' ws:".

Here's my current CSP:

<meta http-equiv=Content-Security-Policy content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; img-src 'self' data: content:; connect-src 'self' ws:;">

Thanks for any help!

Try widening your connect-src; if client-side requests are being made to e.g. https://ssl.gstatic.com it must be present in that directive too. – pfx
What's the syntax for widening it? Is it something like connect-src 'self' ws: https://ssl.gstatic.com; – Ahrkewight
Yes, like that, adding more allowed sources. – pfx
Thank you so much! I found all the Google links my app was requesting and approved all of them and now it works! – Ahrkewight

1 Answer


You keep your links after connect-src 'self'

https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; img-src 'self' data: content:; connect-src 'self' ______________ ws:;">
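
Why the request in the question is refused and what the widened directive looks like, as an added example that is not part of the original question or answer. It is a simplified matcher (scheme sources are compared exactly, as the error message above implies; `APP_ORIGIN` is an assumed placeholder) showing that an explicit `connect-src` replaces `default-src` instead of merging with it:

```javascript
// Added example: simplified CSP matching ('self', '*', scheme and host sources;
// ports and paths in host sources are ignored). APP_ORIGIN is an assumed value.
const APP_ORIGIN = 'https://app.example';
// Policy from the question; URL from its error message, query string omitted.
const PAGE_POLICY = "default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; img-src 'self' data: content:; connect-src 'self' ws:;";
const SIGNUP_URL = 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/signupNewUser';

function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

function sourceMatches(source, url, selfOrigin) {
  if (source === "'self'") return url.origin === selfOrigin;
  if (source.startsWith("'")) return false; // keywords such as 'unsafe-eval'
  if (source === '*') return /^(https?|wss?):$/.test(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return source.toLowerCase() === url.protocol;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^\/:]+)/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  if (scheme && scheme.toLowerCase() + ':' !== url.protocol) return false;
  const h = host.toLowerCase();
  return wildcard ? url.hostname.endsWith('.' + h) : url.hostname === h;
}

// connect-src, when set, replaces default-src for fetch/XHR/WebSocket (no merge).
function connectAllowed(policy, target, selfOrigin) {
  const d = parseCsp(policy);
  const sources = d.get('connect-src') ?? d.get('default-src');
  if (!sources) return true; // no applicable directive, nothing is restricted
  const url = new URL(target);
  return sources.some((s) => sourceMatches(s, url, selfOrigin));
}

// Returns the policy with only the target's origin appended to connect-src.
function widenConnectSrc(policy, target) {
  const d = parseCsp(policy);
  const base = d.get('connect-src') ?? d.get('default-src') ?? [];
  d.set('connect-src', [...base, new URL(target).origin]);
  return [...d].map(([n, s]) => [n, ...s].join(' ')).join('; ') + ';';
}
```

Appending one origin per blocked endpoint keeps the directive narrower than allowing a whole scheme such as `https:`.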