how to correct issue with nodejs with react app not loading content properly related to Content Security Policy

Question

I'm currently having issues with my code not deploying on heroku with a "Cannot GET /" message, when I seem to have no issues when running the server on my laptop. I'm not sure if it's a path issue as my console issued the following error: Content Security Policy: The page’s settings blocked the loading of a resource at self (“default-src https://mvpauto.herokuapp.com”). Source: ;(function installGlobalHook(window) {

I have not set up my code to tinker with my response object headers to set the CSP, nor do I have any middleware running outside of body-parser, which I also tried to disable in my debugging to no avail. My headers are as follows:

Server  Cowboy
Connection  keep-alive
X-Powered-By    Express
Content-Security-Policy default-src 'self'
X-Content-Type-Options  nosniff
Content-Type    text/html; charset=utf-8
Content-Length  139
Date    Sun, 01 Oct 2017 04:12:05 GMT
Via 1.1 vegur


Request headers (364 B) 
Host    
mvpauto.herokuapp.com
User-Agent      Mozilla/5.0 (Windows NT 10.0; …) Gecko/20100101 Firefox/55.0
Accept      text/html,application/xhtml+xm…plication/xml;q=0.9,*/*;q=0.8
Accept-Language     en-US,en;q=0.5
Accept-Encoding     gzip, deflate, br
DNT     1
Connection      keep-alive
Upgrade-Insecure-Requests       1
Cache-Control       max-age=0

These are the headers when running locally successfully using "heroku local"

X-Powered-By        Express
Accept-Ranges       bytes
Cache-Control       public, max-age=0
Last-Modified       Sun, 01 Oct 2017 03:26:11 GMT
ETag        W/"17f-15ed5f847af"
Date        Sun, 01 Oct 2017 04:29:45 GMT
Connection      keep-alive

Request headers (439 B) 
Host        localhost:5000
User-Agent      Mozilla/5.0 (Windows NT 10.0; …) Gecko/20100101 Firefox/55.0
Accept    text/html,application/xhtml+xm…plication/xml;q=0.9,*/*;q=0.8
Accept-Language     en-US,en;q=0.5
Accept-Encoding     gzip, deflate
DNT     1
Connection      keep-alive
Upgrade-Insecure-Requests       1
If-Modified-Since       Sun, 01 Oct 2017 03:26:11 GMT
If-None-Match       W/"17f-15ed5f847af"
Cache-Control       max-age=0

And then my index.js:

const express = require('express');
const app = express();
const db = require(__dirname + '/../database');
const bodyParser = require('body-parser');
const port = process.env.PORT || 3000;
const path = require('path');

app.use(express.static(path.resolve(__dirname + '/../client/dist')));
const router = require('./routes');    
app.use('/', router);
app.get('/', (req, res) => {
  res.sendFile(__dirname + '/../client/dist/index.html');
});

app.listen(port, () => console.log('Listening on port ' + port));

I don't have any get request handlers for my root('/') endpoint, since on the client side, a get request is submitted to the '/todos' endpoint on load. I tried adding a '/' handler and having get requests to root result in a res.sendFile('index.html'), which in turn results in a "Forbidden" message. Any help would be much appreciated.

Answer 1

I just found the issue, which was that I had my server.js file in a separate server folder in the root of the app repo. This becomes especially problematic when trying to access my client files which sit in a folder that is a sibling of the server dir, as the only way to traverse to the client directory is through passing through the shared parent, which I don't have access to. This is all gathered from observation and having run 'heroku run ls ~', as I can't find any of this in their documentation nor discussed online elsewhere.