0

I am not getting data from Rest Get service url in ember(I am getting data when I hit service via browser and Rest client). When I checked the console, I found that it is listed as blocked-uri. How can I remove that from the blocked-uri list.

{
"csp-report": {
"blocked-uri": "http://192.168.1.66:8080/hubx/employees",
"document-uri": "http://localhost:4200/data-grid",
"original-policy": "default-src 'none'; script-src http://localhost:4200 'unsafe-eval' 'unsafe-inline' http://localhost:49152 http://0.0.0.0:49152; font-src http://localhost:4200; connect-src http://localhost:4200 ws://localhost:49152 ws://0.0.0.0:49152 http://localhost:4200; img-src http://localhost:4200; style-src http://localhost:4200; media-src http://localhost:4200; report-uri http://localhost:4200/csp-report",
"referrer": "",
"violated-directive": "connect-src http://localhost:4200 ws://localhost:49152 ws://0.0.0.0:49152 http://localhost:4200"
}
}
Manu Benjamin
  • 987
  • 9
  • 24
  • Possible duplicate of [Violating Content Security Policy directive after Ember upgrade](https://stackoverflow.com/q/26192316/608639) – jww Oct 19 '18 at 06:44

1 Answers1

0

I have remove the url from blocked-uri by adding the url to connect-src.

   contentSecurityPolicy: {
     'connect-src': "'self' http://localhost:4200 http://192.168.1.66:8080 ",
   }

But that was not the issue for me. Issue was due to Cross-Origin Resource Sharing and it is fixed by adding the filters in web.xml of tomact server.

<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
 <param-name>cors.allowed.origins</param-name>
 <param-value>*</param-value>
</init-param>
<init-param>
 <param-name>cors.allowed.methods</param-name>
 <param-value>GET,POST,HEAD,OPTIONS,DELETE,PUT</param-value>
</init-param>
<init-param>
 <param-name>cors.allowed.headers</param-name>
  <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-  Request-Method,Access-Control-Request-Headers,Authorization</param-value>
 </init-param>
<init-param>
 <param-name>cors.exposed.headers</param-name>
 <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
 <param-name>cors.support.credentials</param-name>
 <param-value>true</param-value>
</init-param>
<init-param>
 <param-name>cors.preflight.maxage</param-name>
 <param-value>10</param-value>
</init-param>
 </filter>
<filter-mapping>
 <filter-name>CorsFilter</filter-name>
 <url-pattern>/*</url-pattern>
</filter-mapping>
Manu Benjamin
  • 987
  • 9
  • 24