4
votes

I am using https://github.com/pbarbiero/basic-electron-react-boilerplate, but after an update on my macOS I can't load my application anymore.

In the inspector, this error is shown:

Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-Z+HxFhVCHMznEI/lLsU2FT9krRiVCTm6bGApEd5HAtk='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

index.html Failed to load resource: the server responded with a status of 404 (Not Found)

I tried this technique https://electronjs.org/docs/tutorial/security#csp-http-header but got the same error.

My macOS version is Mojave 10.14.2 (18C54)

2 Answers

1
votes

I got it fixed:

new HtmlWebpackPlugin({
  'meta': {
    'Content-Security-Policy': { 'http-equiv': 'Content-Security-Policy', 'content': "script-src 'self' 'unsafe-inline'; object-src 'self'" },
  }
}),
0
votes

Had the same problem and I think I found a fix for it. As the warning message suggests, inline scripts are blocked because they violate the Content Security Policy (CSP).

The CSP is defined in www/index.html: "meta http-equiv="Content-Security-Policy" ...."

Changing

script-src * data: https://ssl.gstatic.com 'unsafe-eval'; in the content-string to

script-src * data: https://ssl.gstatic.com 'unsafe-inline' 'unsafe-eval';

fixed it for me.

More info here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#Unsafe_inline_script
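
The CSP error quoted in the question names a hash source as an alternative to 'unsafe-inline'. The following added example (not from the question or either answer) computes those hashes in Node.js for a page's inline scripts and builds a policy that keeps the question's default-src 'self'; the function names and the sample HTML are constructed for illustration.

```javascript
// Added example: allow specific inline scripts by hash instead of 'unsafe-inline'.
const { createHash } = require("crypto");

// CSP hash source for one inline script: base64(SHA-256(exact script text)).
// Every byte between <script> and </script> counts, including whitespace.
function cspHash(scriptText) {
  const digest = createHash("sha256").update(scriptText, "utf8").digest("base64");
  return `'sha256-${digest}'`;
}

// Collect the bodies of inline <script> elements (those without a src attribute).
// A regex is adequate for build-generated HTML; it is not a general HTML parser.
function inlineScripts(html) {
  const bodies = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const [, attrs, body] of html.matchAll(re)) {
    if (!/\bsrc\s*=/i.test(attrs) && body.length > 0) bodies.push(body);
  }
  return bodies;
}

// Build a policy string: 'self' for bundled files plus one hash per inline script.
function buildPolicy(html) {
  const hashes = [...new Set(inlineScripts(html).map(cspHash))];
  const scriptSrc = ["'self'", ...hashes].join(" ");
  return `default-src 'self'; script-src ${scriptSrc}`;
}

// Constructed sample page: one inline script and one bundled script.
const sampleHtml = `<!DOCTYPE html>
<html><head><title>App</title></head>
<body>
  <div id="root"></div>
  <script>window.APP_ENV = "production";</script>
  <script src="bundle.js"></script>
</body></html>`;

console.log(buildPolicy(sampleHtml));
```

The resulting string can be used as the content of the Content-Security-Policy meta tag or header; any change to an inline script, even whitespace, changes its hash and requires regenerating the policy.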