3

I just upgraded from Angular1.6 -> 4 and I am kinda stuck with the Content-Security-Protocol error : 

http://localhost:4200/:1 GET http://localhost:4200/ 404 (Not Found)
localhost/:1 Refused to load the font 'data:font/woff;base64,d09GRgABAAAAAIt0ABEAAAABQDwAAQABAAAAAAAAAAAAAAAAAAAAACwKGBmIIpVWLACJWGwAUVjI2KwAiNEswkKAwIrswsQAwIrsxEWAwIrWbIEKAZFUkSzCxAEAisA' 
because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.

Like I tried everything I can and lemme post my JSON FILES too! Like can someone please help me understand what exactly is going on, why it ain't working and other possible solutions? And also, I have NOT tried it with a manifest.JSON.... I kinda have a good bit riding on this project, so any help will be much appreciated!

<!doctype html>
<html lang="en">
<head>
  <meta http-equiv="Content-Security-Policy" content="
        default-src 'none';
        style-src 'self' 'unsafe-inline';
        font-src * data:;
        " />
  <meta charset="utf-8">
  <title>Comp</title>
  <base href="/">


  <!-- Latest compiled and minified CSS -->
  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">

  <!-- jQuery library -->
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>

  <!-- Latest compiled JavaScript -->
  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link rel="icon" type="image/x-icon" href="favicon.ico">
</head>
<body>
  <app-root></app-root>
</body>
</html>

package.JSON : 

{
  "name": "comp",
  "version": "0.0.0",
  "license": "MIT",
  "scripts": {
    "ng": "ng",
    "start": "ng serve && node app.js",
    "build": "ng build",
    "test": "ng test",
    "lint": "ng lint",
    "e2e": "ng e2e"
  },
  "private": true,
  "dependencies": {
    "@angular/animations": "^4.0.0",
    "@angular/common": "^4.0.0",
    "@angular/compiler": "^4.0.0",
    "@angular/compiler-cli": "^4.2.6",
    "@angular/core": "^4.0.0",
    "@angular/forms": "^4.0.0",
    "@angular/http": "^4.0.0",
    "@angular/platform-browser": "^4.0.0",
    "@angular/platform-browser-dynamic": "^4.0.0",
    "@angular/router": "^4.0.0",
    "core-js": "^2.4.1",
    "module": "^1.2.5",
    "mongodb": "^2.2.30",
    "mongoose": "^4.11.1",
    "mongoose-middleware": "^1.0.0",
    "ng2-dnd": "^4.2.0",
    "rxjs": "^5.1.0",
    "zone.js": "^0.8.4"
  },
  "devDependencies": {
    "@angular/cli": "^1.2.0",
    "@angular/language-service": "^4.0.0",
    "@types/jasmine": "~2.5.53",
    "@types/jasminewd2": "~2.0.2",
    "@types/mongodb": "^2.2.7",
    "@types/node": "^8.0.10",
    "body-parser": "^1.17.2",
    "codelyzer": "~3.1.2",
    "jasmine-core": "~2.6.2",
    "jasmine-spec-reporter": "~4.1.0",
    "karma": "~1.7.0",
    "karma-chrome-launcher": "~2.2.0",
    "karma-cli": "~1.0.1",
    "karma-coverage-istanbul-reporter": "^1.2.1",
    "karma-jasmine": "~1.1.0",
    "karma-jasmine-html-reporter": "^0.2.2",
    "protractor": "~5.1.2",
    "ts-node": "~3.2.0",
    "tslint": "~5.5.0",
    "typescript": "~2.4.1"
  }
}
Ronny McNamara
  • 146
  • 1
  • 4
  • 17
  • 1
    Is sound like you have Content-Security-Policy header with a stricter policy than what you’re trying to set with that meta element in the document. You can’t set a less-strict policy that way. You need to change the header value instead. See https://stackoverflow.com/questions/42960811/what-value-to-use-for-content-security-policy-meta-for-video-src-blob/42964566#42964566 and https://stackoverflow.com/questions/44732431/javascript-create-websocket-connection-refused-content-security/44732470#44732470 – sideshowbarker Jul 12 '17 at 13:49
  • Any idea as to find where might this stricter policy be defined at? – Ronny McNamara Jul 13 '17 at 06:07
  • It completely depends on what server software you’re running. If the server is running Apache, it could be in an .htaccess file or it could be in the system /etc/apache2/apache2.conf file, or some other file in /etc/apache2/ directory. If server is running nginx, it could be in the /etc/nginx/nginx.conf file or some other file in the /etc/nginx/ directory… etc. – sideshowbarker Jul 13 '17 at 06:18
  • Just figured out, long story short : arises from a module... Thanks! – Ronny McNamara Jul 13 '17 at 08:49

3 Answers3

1

Shoutout to @sideshowbarker who commented:

sounds like you have Content-Security-Policy header with a stricter policy than what you’re trying to set with that meta element in the document. You can’t set a less-strict policy that way. You need to change the header value instead. See stackoverflow.com/questions/42960811/ … and stackoverflow.com/questions/44732431/

The error has arisen from a stricter CSP inside a module, so try disabling your module imports in your .ts files which is what I did.

Good luck!

shashank
  • 1,133
  • 2
  • 10
  • 24
Ronny McNamara
  • 146
  • 1
  • 4
  • 17
0

If you are receiving ERROR in your terminal node_modules/rxjs/internal/types.d.ts

error TS1005, TS1109

Please try to re-install your rxjs

npm install rxjs@6.0.0 --save

Change to from rxjs 6.4.0 to rxjs: 6.0.0. It worked in my case.

Daniel
  • 10,641
  • 12
  • 47
  • 85
Ankur Sinha
  • 1
-2

If you want to fix this problem, follow this:

  1. Open your Terminal (CMD)
  2. Get into your project (cd C:/user/user/desktop/....)
  3. Write this (npm install --save rxjs-compat)
  4. Restart your project
  5. Done
recnac
  • 3,744
  • 6
  • 24
  • 46
mo_22
  • 1
  • 1
  • 1
    rxjs-compat was released in 2018 this question was asked in 2017. how would that solve the problem? – ysf Jun 14 '19 at 23:56