How to fix Content Security Policy error Node app

Question

const express = require('express');
const graphqlHTTP = require('express-graphql');
const schema = require('./schema/schema');

const app = express();

app.use('/graphql', graphqlHTTP({
   schema,
   graphiql: true,
}));

app.listen(5000, () => {
   console.log('now listening for requests on port 5000')
})

GET http://localhost:5000/ 404 (Not Found)

localhost/:1 Refused to load the image 'http://localhost:5000/favicon.ico' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

I'm getting a "content security policy error on my node app. I'm only running a simple node server app. I added a favicon.ico image in the root folder as per the error message request , but it doesn't go away.

You need to share your server code or we don't know what it's actually doing. — Jacob, Mar 21 '20 at 02:48
`const express = require('express'); const graphqlHTTP = require('express-graphql'); const schema = require('./schema/schema'); const app = express(); app.use('/graphql', graphqlHTTP({ schema, graphiql: true, })); app.listen(5000, () => { console.log('now listening for requests on port 5000') })` — Davit G, Mar 21 '20 at 02:50
Can you edit your question to contain the code so it's more readable? — Jacob, Mar 21 '20 at 02:51
@Jacob, thank you , let me edit the question or add a screenshot of the code — Davit G, Mar 21 '20 at 02:52
Please put the code in there, not a screenshot. Also, posting the _text_ of the error message rather than a screenshot of the error makes it searchable so others with the same error can find your question. — Jacob, Mar 21 '20 at 02:52

score 0 · Accepted Answer · answered Mar 21 '20 at 02:56

0

An express server doesn't automatically serve up files in your source directory. If you want requests to /favicon.ico to serve up your file, you'll need to add the appropriate logic to your server:

const path = require('path');

app.get('/favicon.ico', (req, res) => {
  // Use actual relative path to your .ico file here
  res.sendFile(path.resolve(__dirname, '../favicon.ico'));
});

answered Mar 21 '20 at 02:56

Jacob

77,566
24
149
228

tried that , but doesn't make a difference; thank you though – Davit G Mar 21 '20 at 03:04
Do you see the `.ico` file getting downloaded when the browser requests `/favicon.ico`? – Jacob Mar 21 '20 at 03:08
it shows (blocked: csp) in the network tab of chrome dev tools – Davit G Mar 21 '20 at 03:16

How to fix Content Security Policy error Node app

1 Answers1